Shift left is a development principle stating that code quality and security should move from the right, at the very end of the software development life cycle (after code is deployed to runtime environments), to the left: into developer workstations and IDEs, Continuous Integration (CI) pipelines, etc.
In other words, security, and secrets detection, should be integrated and designed into all stages of the development process. This new shift requires developers to take more ownership of security and security principles.
ggshield, the GitGuardian CLI (command-line interface), integrates GitGuardian's secrets detection engine in your developer workflows.
GitGuardian Shield, or ggshield, helps you catch hardcoded secrets earlier in the software development lifecycle. Where pre-commit or pre-receive hooks are configured with ggshield, you are alerted before secrets leave your local workstation and enter the shared/central repositories. This prevents secrets from being exposed and, in turn, spares you the pain of incident remediation and of revoking and rotating secrets.
GitGuardian Shield is a very flexible tool. It is fast and easy to integrate, but it does not provide the same security guarantees as real-time monitoring of your Version Control System (VCS). Pre-commit or pre-receive hooks can be bypassed, for example on developer workstations. In Continuous Integration (CI) pipelines, ggshield has to be configured individually for each workflow/pipeline to add a secrets scanning job.
The GitGuardian Internal Monitoring platform and its native VCS integrations give you:
- Complete visibility over all repositories in your perimeter, plus the ability to scan their entire commit history (periodically and on demand),
- Real-time protection with automated scanning of every new code commit that reaches the VCS.
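The workstation-side limitation of hooks described above, as an added example (not GitGuardian's code): a throwaway repository gets a pre-commit hook that rejects a constructed fake key, while a fresh clone of the same repository, which does not inherit the hook, accepts it. The grep check, file names and `FAKE_SECRET_` marker are assumptions made so the demo runs offline; a real hook would call `ggshield secret scan pre-commit`.

```shell
#!/bin/sh
# Added example. The grep check is a stand-in detector, not ggshield's engine;
# a real hook would run `ggshield secret scan pre-commit` instead.

# Run git isolated from the user's own global and system configuration.
demo_git() {
  HOME="$DEMO_DIR" GIT_CONFIG_NOSYSTEM=1 \
    git -c user.name=demo -c user.email=demo@example.invalid "$@"
}

# Stage a file holding a constructed fake key, then report the commit outcome.
try_commit_secret() {
  printf 'api_key = "FAKE_SECRET_constructed_for_demo"\n' > "$1/settings.py"
  demo_git -C "$1" add settings.py
  if demo_git -C "$1" commit -q -m "add settings" >/dev/null 2>&1; then
    echo committed
  else
    echo blocked
  fi
}

run_demo() {
  DEMO_DIR="$(mktemp -d)"
  demo_git init -q "$DEMO_DIR/origin"
  echo "demo" > "$DEMO_DIR/origin/README"
  demo_git -C "$DEMO_DIR/origin" add README
  demo_git -C "$DEMO_DIR/origin" commit -q -m "initial commit"

  # The hook is written into .git/hooks, which is local to this one clone.
  cat > "$DEMO_DIR/origin/.git/hooks/pre-commit" <<'EOF'
#!/bin/sh
if git diff --cached | grep -q 'FAKE_SECRET_'; then
  echo "secret detected, commit rejected" >&2
  exit 1
fi
EOF
  chmod +x "$DEMO_DIR/origin/.git/hooks/pre-commit"
  with_hook="$(try_commit_secret "$DEMO_DIR/origin")"

  # A fresh clone copies history only, so the hook is absent there.
  demo_git clone -q "$DEMO_DIR/origin" "$DEMO_DIR/fresh"
  without_hook="$(try_commit_secret "$DEMO_DIR/fresh")"

  rm -rf "$DEMO_DIR"
  echo "hooked=$with_hook fresh=$without_hook"
}

run_demo   # prints: hooked=blocked fresh=committed
```

The second result is why a hook installed on one machine cannot be relied on as the only control: coverage depends on every clone being set up, which monitoring at the VCS does not.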