Skip to main content
Sign Up

ggshield iac scan all

Beta program

Please note that IaC Prevention features are currently in beta.

info

This command was implemented in version 1.17.0

Description

Scan a directory for all IaC vulnerabilities in the current state.

ggshield iac scan all [OPTIONS] [DIRECTORY]

The scan is successful if no IaC vulnerability (known or new) was found.

Options

  • --json: Use JSON output.
  • --ignore-path, --ipa PATTERN: Do not scan paths that match the specified glob-like patterns.
  • --ignore-policy, --ipo TEXT: Policies to exclude from the results.
  • --minimum-severity [LOW|MEDIUM|HIGH|CRITICAL]: Minimum severity of the policies.
  • --exit-zero: Always return a 0 (non-error) status code, even if incidents are found. This option can also be set with the GITGUARDIAN_EXIT_ZERO environment variable.

This command supports all ggshield global options.

Ignore error exit codes

If you need this command to exit with a code 0 even when IaC vulnerabilities are found in a scan, you can pass the option --exit-zero

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

How can I help you ?