Overview
#
DescriptionThe secret scan
command is the main command for ggshield, it has a few options that can be used to override output behaviour.
ggshield secret scan [OPTIONS] <SUBCOMMAND> [ARGS]...
#
Options--show-secrets
: show secrets in plaintext instead of hiding them.--exit-zero
: always return a 0 (non-error) status code, even if incidents are found. The env varGITGUARDIAN_EXIT_ZERO
can also be used to set this option.--all-policies
: present fails of all policies (Filenames, FileExtensions, Secret Detection). By default, only Secret Detection is shown.-v
,--verbose
: verbose display mode.-o
,--output <PATH>
: route ggshield output to file.-b
,--banlist-detector <TEXT>
: exclude results from a detector.--exclude <PATH>
: do not scan the specified path.--ignore-default-excludes
: ignore excluded patterns by default. [default: False]
#
ggshield global options-h
,--help
: display detailed help--json
: output results in JSON [default:false]
#
Subcommandsggshield secret scan
has different subcommands for each type of scan.