ggshield sca scan diff

caution

This feature is experimental, and only available from GGShield version 1.18.0.

Description

Scans if the current revision of a git repository introduces SCA vulnerabilities.

ggshield sca scan diff [OPTIONS] [DIRECTORY]

This command checks if the current revision introduces new vulnerabilities compared to the revision from GIT_REF.

Scanning a repository with this command will not trigger any incident on your dashboard.

Only metadata such as call time, request size and scan mode is stored server-side.

Options

• --ignore-not-fixable: Ignore incidents that cannot be fixed for now.
• --ignore-fixable: Ignore incidents related to vulnerabilities that have a fix.
• --json: Use JSON output.
• --ignore-path, --ipa PATTERN: Do not scan paths that match the specified glob-like patterns.
• --minimum-severity [LOW|MEDIUM|HIGH|CRITICAL]: Minimum severity of the policies.
• --exit-zero: Always return a 0 (non-error) status code, even if incidents are found. This option can also be set with the GITGUARDIAN_EXIT_ZERO environment variable.
• --ref GIT_REF: A Git reference, such as a commit ID, a reference relative to HEAD or a remote. [required]
• --staged: Include staged changes in the scan.

This command supports all ggshield global options.

Was this page helpful?