Added
-
New command:
ggshield iac scan all. This command replaces the now-deprecatedggshield iac scan. It scans a directory for IaC vulnerabilities. -
New command:
ggshield iac scan diff. This command scans a Git repository and inspects changes in IaC vulnerabilities between two points in the history.- All options from
ggshield iac scan allare supported:--ignore-policy,--minimum-severity,--ignore-pathetc. Executeggshield iac scan diff -hfor more details. - Two new options allow to choose which state to select for the difference:
--ref <GIT-REFERENCE>and--staged. - The command can be integrated in Git hooks using the
--pre-commit,--pre-push,--pre-receiveoptions. - The command output list vulnerabilities as
unchanged,newanddeleted.
- All options from
-
Added a
--log-file FILEoption to redirect all logging output to a file. The option can also be set using the$GITGUARDIAN_LOG_FILEenvironment variable.
Changed
-
Improved
secret scan pathspeed by updating charset-normalizer to 3.1. -
Errors are no longer reported twice: first using human-friendly message and then using log output. Log output is now off by default, unless
--debugor--log-fileis set (#213). -
The help messages for the
honeytokencommands have been updated. -
ggshield honeytoken createnow displays an easier-to-understand error message when the user does not have the necessary permissions to create an honeytoken. -
ggshield auth loginnow displays a warning message if the token expiration date has been adjusted to comply with the personal access token maximum lifetime setting of the user's workspace.
Deprecated
ggshield iac scanis now replaced by the newggshield iac scan all, which supports the same options and arguments.