GitGuardian CI/CD integration with Azure Pipelines is performed through our CLI application gg-shield. gg-shield is a wrapper around the GitGuardian API for secrets detection and requires an API key to work.
⚠ Azure Pipelines does not support commit ranges outside of GitHub Pull Requests. On push events in a regular branch, therefore, only your latest commit will be scanned. This limitation doesn't apply to GitHub Pull Requests, where all the commits in the pull request will be scanned.
Create an API key within the API section of your GitGuardian workspace.
Add this API key to the gitguardianApiKey secret variable in your pipeline settings.
Add a new job using gg-shield to your Azure pipeline:

jobs:
  - job: GitGuardianShield
    pool:
      vmImage: 'ubuntu-latest'
    container: gitguardian/ggshield:latest
    steps:
      - script: ggshield scan ci
        env:
          GITGUARDIAN_API_KEY: $(gitguardianApiKey)
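A preflight check for the secret mapping in the job above, as an added example that is not part of the GitGuardian documentation. Azure Pipelines leaves a macro such as `$(gitguardianApiKey)` unexpanded when the variable is not defined, so the literal text reaches the step as the API key; `check_gg_key` is a hypothetical helper name, and the sketch never prints the key itself.

```shell
#!/bin/sh
# Added example: validate GITGUARDIAN_API_KEY before starting the scan.
# check_gg_key is a hypothetical helper, not part of ggshield.
#
# Return codes:
#   0  key is present and looks like a real value
#   1  key is empty or unset (secret not mapped in the step's env block)
#   2  key is an unresolved Azure Pipelines macro, e.g. "$(gitguardianApiKey)"
check_gg_key() {
    key=$1

    if [ -z "$key" ]; then
        echo "GITGUARDIAN_API_KEY is empty: map the secret in the step's env block" >&2
        return 1
    fi

    # An undefined pipeline variable is passed through as the literal macro text.
    case $key in
        '$('*')')
            echo "GITGUARDIAN_API_KEY is an unresolved macro: define the secret variable in pipeline settings" >&2
            return 2
            ;;
    esac

    return 0
}

# In the pipeline's script step, run the scan only when the check passes:
#   check_gg_key "${GITGUARDIAN_API_KEY:-}" && ggshield scan ci
```
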