ggshield sca scan pre-receive
caution
This feature is experimental, and only available from GGShield version 1.18.0.
Description
Scans if the received HEAD of a git repository introduces new SCA vulnerabilities.
ggshield sca scan pre-receive [OPTIONS]
This command checks if the current HEAD of a git repository introduces new SCA vulnerabilities compared to the remote HEAD of the branch in a pre-receive hook.
Scanning a repository with this command will not trigger any incident on your dashboard.
Only metadata such as call time, request size and scan mode is stored server-side.
Options
--ignore-not-fixable
: Ignore incidents that cannot be fixed for now.--ignore-fixable
: Ignore incidents related to vulnerabilities that have a fix.--format [text|json]
: Format to use for the output.--json
: Shorthand for--format json
.--ignore-path
,--ipa PATTERN
: Do not scan paths that match the specified glob-like patterns.--minimum-severity [LOW|MEDIUM|HIGH|CRITICAL|MALICIOUS]
: Minimum severity of the vulnerabilities.--exit-zero
: Always return a 0 (non-error) status code, even if incidents are found. This option can also be set with theGITGUARDIAN_EXIT_ZERO
environment variable.--all
: Reports all vulnerabilities in the final state.
This command supports all ggshield global options.