pypi ggshield 1.18.0

latest releases: 1.33.0, 1.32.2, 1.32.1...
15 months ago

Added

HMSL

  • ggshield gained a new group of commands: hmsl, short for "Has My Secret Leaked". These commands make it possible to securely check if secrets have been leaked in a public repository.

IaC

  • ggshield iac scan now provides three new commands for use as Git hooks:

    • ggshield iac scan pre-commit
    • ggshield iac scan pre-push
    • ggshield iac scan pre-receive

    They use the same arguments and options as the other ggshield iac scan commands.

  • The new ggshield iac scan ci command can be used to perform IaC scans in CI environments.
    It supports the same arguments as hook subcommands (in particular, --all to scan the whole repository).
    Supported CIs are:

    • Azure
    • Bitbucket
    • CircleCI
    • Drone
    • GitHub
    • GitLab
    • Jenkins
    • Travis

SCA

  • ggshield sca scan pre-commit now provides a --all option to scan all files.

  • The text output of ggshield sca scans now includes the identifier of the SCA vulnerability.

  • The new ggshield sca scan diff command can be used to run custom differential scans.

Other

  • It is now possible to manipulate the default instance using ggshield config:

    • ggshield config set instance <THE_INSTANCE_URL> defines the default instance.
    • ggshield config unset instance removes the previously defined instance.
    • The default instance can be printed with ggshield config get instance and ggshield config list.

Changed

  • ggshield now requires Python 3.8.

  • The IaC Github Action now runs the new ggshield iac scan ci command. This means the action only fails if the changes introduce a new vulnerability. To fail if any vulnerability is detected, use the ggshield iac scan ci --all command.

Removed

  • The following options have been removed from ggshield iac scan diff: --pre-commit, --pre-push and --pre-receive. You can replace them with the new ggshield iac scan pre-* commands.

Fixed

  • ggshield secret scan docker now runs as many scans in parallel as the other scan commands.

  • ggshield now provides an easier-to-understand error message for "quota limit reached" errors (#309).

  • ggshield iac scan diff --minimum-severity and --ignore-policy options are now correctly processed.

  • ggshield secret scan no longer tries to scan files longer than the maximum document size (#561).

Security

Don't miss a new ggshield release

NewReleases is sending notifications on new releases.