ggshield secret scan repo
Description
Scan a REPOSITORY's commits at the given URL or path.
ggshield secret scan repo [OPTIONS] REPOSITORY
REPOSITORY is the clone URL or the path of the repository to scan.
Options
--all-secrets: Do not ignore any secret. Possible ignore-reason is shown as well.--instance URL: URL of the instance to use.--with-incident-details: Display full details about the dashboard incident if one is found (JSON and SARIF formats only). Requires the 'incidents:read' scope.-b,--banlist-detector DETECTOR: Exclude results from a detector.--ignore-known-secrets: Ignore secrets already known by GitGuardian dashboard.--exclude PATTERNS: Do not scan paths that match the specified glob-like patterns.--exit-zero: Return a 0 (non-error) status code, even if incidents are found. An error status code will still be returned for other errors, such as connection errors. This option can also be set with theGITGUARDIAN_EXIT_ZEROenvironment variable.--show-secrets: Show secrets in plaintext instead of hiding them.-o,--output PATH: Redirect ggshield output to PATH.--format [text|json|sarif]: Format to use for the output.--json: Shorthand for--format json.
This command supports all ggshield global options.
Examples
# scan a repository with its clone URI
$ ggshield secret scan repo git@github.com:GitGuardian/ggshield.git
# scan a repository with its path
$ ggshield secret scan repo /repositories/ggshield
See also
It is best to use a native VCS integration and view the results of a scan within the dashboard.
