Overview

Description

The secret scan command is the main command for ggshield, it has a few options that can be used to override output behaviour.

ggshield secret scan [OPTIONS] <SUBCOMMAND> [ARGS]...

Options

• --show-secrets: show secrets in plaintext instead of hiding them.
• --exit-zero: always return a 0 (non-error) status code, even if incidents are found. The env var GITGUARDIAN_EXIT_ZERO can also be used to set this option.
• --all-policies: present fails of all policies (Filenames, FileExtensions, Secret Detection). By default, only Secret Detection is shown.
• -v, --verbose: verbose display mode.
• -o, --output <PATH>: route ggshield output to file.
• -b, --banlist-detector <TEXT>: exclude results from a detector.
• --exclude <PATH>: do not scan the specified path.
• --ignore-default-excludes: ignore excluded patterns by default. [default: False]

ggshield global options

• -h, --help: display detailed help
• --json: output results in JSON [default:false]

Subcommands

ggshield secret scan has different subcommands for each type of scan.

• ggshield secret scan ci
• ggshield secret scan commit-range
• ggshield secret scan path
• ggshield secret scan pre-commit
• ggshield secret scan pre-push
• ggshield secret scan pre-receive
• ggshield secret scan pypi
• ggshield secret scan repo
• ggshield secret scan archive