Skip to main content

ggshield sca scan pre-receive

caution

This feature is experimental, and only available from GGShield version 1.18.0.

Description

Scans if the received HEAD of a git repository introduces new SCA vulnerabilities.

ggshield sca scan pre-receive [OPTIONS]

This command checks if the current HEAD of a git repository introduces new SCA vulnerabilities compared to the remote HEAD of the branch in a pre-receive hook.

Scanning a repository with this command will not trigger any incident on your dashboard.

Only metadata such as call time, request size and scan mode is stored server-side.

Options

  • --ignore-not-fixable: Ignore incidents that cannot be fixed for now.
  • --ignore-fixable: Ignore incidents related to vulnerabilities that have a fix.
  • --format [text|json]: Format to use for the output.
  • --json: Shorthand for --format json.
  • --ignore-path, --ipa PATTERN: Do not scan paths that match the specified glob-like patterns.
  • --minimum-severity [LOW|MEDIUM|HIGH|CRITICAL|MALICIOUS]: Minimum severity of the vulnerabilities.
  • --exit-zero: Always return a 0 (non-error) status code, even if incidents are found. This option can also be set with the GITGUARDIAN_EXIT_ZERO environment variable.
  • --all: Reports all vulnerabilities in the final state.

This command supports all ggshield global options.

How can I help you ?