Overview

The GitGuardian CLI, ggshield, provides security guardrails at every stage of your Software Development Lifecycle (SDLC).
Find and fix more than 350+ types of hardcoded secrets and 70+ Infrastructure-as-Code security misconfigurations.

ggshield [COMMAND] [SUBCOMMAND] [OPTIONS]

Core commands

• ggshield auth
• ggshield secret scan
• ggshield honeytoken create
• ggshield iac scan

caution

Since v1.15.0, ggshield scan and ggshield ignore commands are not supported anymore. Use ggshield secret scan and ggshield secret ignore instead.

Additional commands

• ggshield secret ignore
• ggshield api-status
• ggshield install
• ggshield quota

Options

• -h, --help: Show this message and exit.
• --allow-self-signed: Ignore SSL verification.
• -c, --config-path <FILE>: set a custom config file. Ignores local and global config files.
• -v, --verbose: Verbose display mode.
• --version: Show the version.
• --check-for-updates / --no-check-for-updates: After executing commands, check or not if a new version of ggshield is available.
• --log-file <FILE>: Send log output to FILE. Use - to redirect to stderr instead.
• --debug: Show debug information.

Exit codes

Depending on the outcome of the command, ggshield exit code will be one of these:

Code	Meaning
0	No problem found. If the command was a scan, it ran successfully and did not find any issue to report.
1	The command ran successfully, but it found issues to report. For example, a secret scan command found leaked secrets.
2	Usage error: the command did not receive the parameters it expected.
3	Authentication error: the command tried to log on a server, but the server rejected it.
128	Unexpected error.