ggshield iac scan all

Beta program

Please note that IaC Prevention features are currently in beta.


This command was implemented in version 1.17.0.


Scan a directory for all IaC vulnerabilities in the current state.

ggshield iac scan all [OPTIONS] [DIRECTORY]

The scan is successful if no IaC vulnerability (known or new) was found.


  • --json: Use JSON output.
  • --ignore-path, --ipa PATTERN: Do not scan paths that match the specified glob-like patterns.
  • --ignore-policy, --ipo TEXT: Policies to exclude from the results.
  • --minimum-severity [LOW|MEDIUM|HIGH|CRITICAL]: Minimum severity of the policies.
  • --exit-zero: Always return a 0 (non-error) status code, even if incidents are found. This option can also be set with the GITGUARDIAN_EXIT_ZERO environment variable.

This command supports all ggshield global options.

Ignore error exit codes

If you need this command to exit with code 0 even when IaC vulnerabilities are found in a scan, pass the --exit-zero option.
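
The options above can be combined into a two-pass CI gate: an advisory pass that records every finding as JSON without failing the job, then a blocking pass that fails only at or above a chosen severity. This is an added example, not code from the ggshield project; GGSHIELD_BIN, iac_gate and the report file argument are names assumed here.

```shell
#!/bin/sh
# Added example, not GitGuardian's code. GGSHIELD_BIN, iac_gate and the
# report file argument are names assumed for this sketch.
GGSHIELD_BIN="${GGSHIELD_BIN:-ggshield}"

# iac_gate DIRECTORY BLOCKING_SEVERITY REPORT_FILE
# Returns 0 when the gate passes, 1 when the blocking scan fails,
# 2 when the gate is misused or the advisory scan cannot run.
iac_gate() {
    dir="$1"; severity="$2"; report="$3"

    # Accept only the values documented for --minimum-severity.
    case "$severity" in
        LOW|MEDIUM|HIGH|CRITICAL) ;;
        *) echo "iac_gate: invalid severity '$severity'" >&2; return 2 ;;
    esac

    # Pass 1 (advisory): all findings as JSON, kept as a build artifact.
    # --exit-zero keeps findings from failing this pass, so a non-zero
    # status here is not caused by findings.
    if ! "$GGSHIELD_BIN" iac scan all --json --exit-zero "$dir" > "$report"; then
        echo "iac_gate: advisory scan did not run" >&2
        return 2
    fi

    # Pass 2 (blocking): only findings at or above the threshold.
    # GITGUARDIAN_EXIT_ZERO is unset in a subshell so that a variable
    # inherited from the CI environment cannot make this pass always green.
    if ( unset GITGUARDIAN_EXIT_ZERO
         "$GGSHIELD_BIN" iac scan all --minimum-severity "$severity" "$dir" ); then
        echo "iac_gate: passed at ${severity}"
        return 0
    fi
    echo "iac_gate: failed at ${severity}, full report in $report" >&2
    return 1
}

# Typical CI call (commented out so the file can be sourced):
# iac_gate ./infra HIGH iac-report.json || exit 1
```

Any non-zero status from the blocking pass fails the gate, whether it comes from findings or from a scan error.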