scan command is the main command for ggshield, it has a few config
options that can be used to override output behaviour.
Usage: ggshield scan [OPTIONS] COMMAND [ARGS]... Command to scan various contents. Options: --show-secrets Show secrets in plaintext instead of hiding them. --exit-zero Always return a 0 (non-error) status code, even if incidents are found.The env var GITGUARDIAN_EXIT_ZERO can also be used to set this option. --all-policies Present fails of all policies (Filenames, FileExtensions, Secret Detection).By default, only Secret Detection is shown. -v, --verbose Verbose display mode. -o, --output PATH Route ggshield output to file. -b, --banlist-detector TEXT Exclude results from a detector. --exclude PATH Do not scan the specified path. --ignore-default-excludes Ignore excluded patterns by default. [default: False] --json JSON output results [default: False] -h, --help Show this message and exit. Commands: ci scan in a CI environment. commit-range scan a defined COMMIT_RANGE in git. docker scan a docker image <NAME>. path scan files and directories. pre-commit scan as a pre-commit git hook. pre-push scan as a pre-push git hook. pre-receive scan as a pre-receive git hook. repo scan a REPOSITORY's commits at a given URL or path.
ggshield scan has different subcommands for each type of scan.
CI: scan each commit since the last build in your CI.
ggshield scan ci
No options or arguments
Go to our dedicated documentation for more details about CI/CD integrations with ggshield.
Commit Range: scan each commit in the given commit range.
Usage: ggshield scan commit-range [OPTIONS] COMMIT_RANGE scan a defined COMMIT_RANGE in git. git rev-list COMMIT_RANGE to list several commits to scan. example: ggshield scan commit-range HEAD~1...
Path: scan files or directories with the recursive option.
Usage: ggshield scan path [OPTIONS] PATHS... scan files and directories. Options: -r, --recursive Scan directory recursively -y, --yes Confirm recursive scan -h, --help Show this message and exit.
Repo: scan all commits in a git repository.
Usage: ggshield scan repo [OPTIONS] REPOSITORY scan a REPOSITORY at a given URL or path REPOSITORY is the clone URI or the path of the repository to scan. Examples: ggshield scan repo firstname.lastname@example.org:GitGuardian/ggshield.git ggshield scan repo /repositories/ggshield
It is best to use a native VCS integration and view the results of a scan within the dashboard.
Docker: scan a Docker image after exporting its filesystem and manifest with the
Usage: ggshield scan docker [OPTIONS] IMAGE_NAME ggshield will try to pull the image if it's not available locallyOptions: -h, --help Show this message and exit.
ggshield scan docker gitguardian/ggshield