ggshield secret scan path
Description
Scan files and directories.
ggshield secret scan path [OPTIONS] PATHS...
Options
-r
,--recursive
: Scan directory recursively.-y
,--yes
: Confirm recursive scan.--use-gitignore
: Honor content of .gitignore files.--instance URL
: URL of the instance to use.--with-incident-details
: Display full details about the dashboard incident if one is found (JSON and SARIF formats only). Requires the 'incidents:read' scope.-b
,--banlist-detector DETECTOR
: Exclude results from a detector.--ignore-known-secrets
: Ignore secrets already known by GitGuardian dashboard.--exclude PATTERNS
: Do not scan paths that match the specified glob-like patterns.--exit-zero
: Always return a 0 (non-error) status code, even if incidents are found. This option can also be set with theGITGUARDIAN_EXIT_ZERO
environment variable.--show-secrets
: Show secrets in plaintext instead of hiding them.-o
,--output PATH
: Redirect ggshield output to PATH.--format [text|json|sarif]
: Format to use for the output.--json
: Shorthand for--format json
.
This command supports all ggshield global options.
Examples
# scan a file
$ ggshield secret scan path my_repo/my_file.py
# scan a directory recursively
$ ggshield secret scan path --recursive my_repo/