Skip to main content

ggshield secret scan repo

Description

Scan a REPOSITORY's commits at the given URL or path.

ggshield secret scan repo [OPTIONS] REPOSITORY

REPOSITORY is the clone URL or the path of the repository to scan.

Options

  • --instance URL: URL of the instance to use.
  • --with-incident-details: Display full details about the dashboard incident if one is found (JSON and SARIF formats only). Requires the 'incidents:read' scope.
  • -b, --banlist-detector DETECTOR: Exclude results from a detector.
  • --ignore-known-secrets: Ignore secrets already known by GitGuardian dashboard.
  • --exclude PATTERNS: Do not scan paths that match the specified glob-like patterns.
  • --exit-zero: Always return a 0 (non-error) status code, even if incidents are found. This option can also be set with the GITGUARDIAN_EXIT_ZERO environment variable.
  • --show-secrets: Show secrets in plaintext instead of hiding them.
  • -o, --output PATH: Redirect ggshield output to PATH.
  • --format [text|json|sarif]: Format to use for the output.
  • --json: Shorthand for --format json.

This command supports all ggshield global options.

Examples

# scan a repository with its clone URI
$ ggshield secret scan repo git@github.com:GitGuardian/ggshield.git

# scan a repository with its path
$ ggshield secret scan repo /repositories/ggshield

See also

It is best to use a native VCS integration and view the results of a scan within the dashboard.