ggshield secret scan pre-receive
Description
Scan as a pre-receive git hook all commits about to enter the remote git repository.
ggshield secret scan pre-receive [OPTIONS] [PRERECEIVE_ARGS]...
The GITGUARDIAN_GIT_REMOTE_FALLBACK_URL environment variable can be set to provide a fallback repository URL when it cannot be detected from the git remote configuration.
Options
--source-uuid TEXT: Identifier of the custom source in GitGuardian. If used, incidents will be created and visible on the dashboard. Requires the 'scan:create-incidents' scope.--all-secrets: Do not ignore any secret. Possible ignore-reason is shown as well.--instance URL: URL of the instance to use.--with-incident-details: Display full details about the dashboard incident if one is found (JSON and SARIF formats only). Requires the 'incidents:read' scope.-b,--banlist-detector DETECTOR: Exclude results from a detector.--ignore-known-secrets: Ignore secrets already known by GitGuardian dashboard.--exclude PATTERNS: Do not scan paths that match the specified glob-like patterns.--exit-zero: Return a 0 (non-error) status code, even if incidents are found. An error status code will still be returned for other errors, such as connection errors. This option can also be set with theGITGUARDIAN_EXIT_ZEROenvironment variable.--show-secrets: Show secrets in plaintext instead of hiding them.-o,--output PATH: Redirect ggshield output to PATH.--format [text|json|sarif]: Format to use for the output.--json: Shorthand for--format json.--fail-on-server-error / --no-fail-on-server-error: Whether git hook and CI scan commands should fail when the GitGuardian server is unreachable or returns a 5xx response. When disabled, the command exits with code 0 and a warning is displayed instead of blocking the git operation. Defaults to enabled. Can also be set with theGITGUARDIAN_FAIL_ON_SERVER_ERRORenvironment variable.
This command supports all ggshield global options.
See also
Go to our dedicated documentation for more details about pre-receive integration with ggshield.
