ggshield iac scan all
Beta program
Please note that IaC Prevention features are currently in beta.
info
This command was implemented in version 1.17.0
Description
Scan a directory for all IaC vulnerabilities in the current state.
ggshield iac scan all [OPTIONS] [DIRECTORY]
The scan is successful if no IaC vulnerability (known or new) was found.
Options
--json
: Use JSON output.--ignore-path
,--ipa PATTERN
: Do not scan paths that match the specified glob-like patterns.--ignore-policy
,--ipo TEXT
: Policies to exclude from the results.--minimum-severity [LOW|MEDIUM|HIGH|CRITICAL]
: Minimum severity of the policies.--exit-zero
: Always return a 0 (non-error) status code, even if incidents are found. This option can also be set with theGITGUARDIAN_EXIT_ZERO
environment variable.
This command supports all ggshield global options.
Ignore error exit codes
If you need this command to exit with a code 0 even when IaC vulnerabilities are found in a scan, you can pass the option --exit-zero