Skip to main content

Azure pipelines


GitGuardian CI/CD integration with Azure Pipelines is performed through our CLI application gg-shield. gg-shield is a wrapper around GitGuardian API for secrets detection that requires an API key to work.

⚠ Azure Pipelines does not support commit ranges outside of GitHub Pull Requests, therefore on push events in a regular branch only your latest commit will be scanned. This limitation doesn't apply to GitHub Pull Requests where all the commits in the pull request will be scanned.


Azure Pipelines output


  1. Create an API key within the API section of your GitGuardian workspace.

  2. Add this API key to the gitguardianApiKey secret variable in your pipeline settings.

  3. Add a new job using gg-shield to your Azure pipeline

jobs:- job: GitGuardianShield  pool:    vmImage: 'ubuntu-latest'  container: gitguardian/ggshield:latest  steps:  - script: ggshield scan ci    env:      GITGUARDIAN_API_KEY: $(gitguardianApiKey)