Detect secrets on developer workstations

Overview

Secrets detection can be integrated very early in the development process. GitGuardian gives developers ggshield (our command-line interface application) to scan their commits for hardcoded secrets before pushing them.

The cost of fixing hardcoded secrets is much lower at this stage than once they have reached the central/shared repository, hence the importance of shifting security left and providing developers with early and frequent feedback.

ggshield can be integrated into git hooks to automatically scan code before committing staged changes (pre-commit hook) or before pushing code to the shared repository (pre-push hook).

What are git hooks?
Like many Version Control Systems, git has a way to fire off custom scripts when certain actions are triggered. There are two groups of these hooks: client-side and server-side. Client-side hooks are triggered by operations such as committing and merging, while server-side hooks run on network operations such as receiving pushed commits. The custom scripts running in git hooks can be used for a variety of purposes like linting, testing, and running security scans on your code.

Getting started with ggshield

  1. Set up ggshield on your workstation
  2. Configure the git hooks with ggshield:
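The following script is an added example of the hook configuration described above (the client-side hooks explained in the git hooks section, and step 2 of getting started); it is not GitGuardian's own installer. It writes a `pre-commit` and a `pre-push` hook that hand the staged diff, or the commits about to be pushed, to `ggshield secret scan pre-commit` and `ggshield secret scan pre-push`. It assumes ggshield is installed on the workstation and already authenticated (via `ggshield auth login` or an exported `GITGUARDIAN_API_KEY`); the function and file names are the example's own.

```shell
#!/bin/sh
# Added example (not GitGuardian's own code): install git pre-commit and
# pre-push hooks that run ggshield on the changes git is about to record
# or send. Assumes ggshield is on PATH and authenticated.

# Write one hook script.
#   $1 = hooks directory (normally <repo>/.git/hooks)
#   $2 = hook name: pre-commit or pre-push
write_ggshield_hook() {
  hook_dir="$1"
  hook_name="$2"
  hook_path="$hook_dir/$hook_name"
  mkdir -p "$hook_dir"
  # Unquoted heredoc: $hook_name is expanded now, "\$@" stays "$@" for runtime.
  cat > "$hook_path" <<EOF
#!/bin/sh
# Fail closed: if the scanner is missing, refuse the operation instead of
# silently letting unscanned changes through.
if ! command -v ggshield >/dev/null 2>&1; then
  echo "$hook_name: ggshield not found on PATH; aborting" >&2
  exit 1
fi
# git gives pre-push the remote name and URL as arguments and the refs being
# pushed on stdin; pre-commit gets neither. ggshield's $hook_name subcommand
# reads exactly what git supplies, so pass the arguments through unchanged.
exec ggshield secret scan $hook_name "\$@"
EOF
  chmod +x "$hook_path"
}

# Install both hooks into the given hooks directory.
install_ggshield_hooks() {
  write_ggshield_hook "$1" pre-commit
  write_ggshield_hook "$1" pre-push
}

# Usage: sh install_ggshield_hooks.sh /path/to/repo/.git/hooks
if [ "$#" -gt 0 ]; then
  install_ggshield_hooks "$1"
  echo "ggshield hooks installed in $1"
fi
```

A non-zero exit from ggshield makes git abort the commit or push, which is what gives the early feedback the overview describes. Keep in mind that a developer can skip client-side hooks with `git commit --no-verify`, so these hooks are a fast feedback loop for the workstation, not a substitute for scanning on the shared repository.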

Additional resources