ggshield 1.29.0

on Python PyPI

Removed

• The --all option of the ggshield sca scan ci and ggshield iac scan ci commands has been removed.

Added

• ggshield secret scan path now provides a --use-gitignore option to honor .gitignore and related files (#801).

• A new secret scan command, ggshield secret scan changes, has been added to scan changes between the current state of a repository checkout and its default branch.

• GGShield is now available as a standalone executable on Windows.

Changed

• The behavior of the ggshield sca scan ci and ggshield iac scan ci commands have changed. These commands are now expected to run in merge-request CI pipelines only, and will compute the diff exactly associated with the merge request.

Deprecated

• Running ggshield sca scan ci or ggshield iac scan ci outside of a merge request CI pipeline is now deprecated.

Fixed

• Errors thrown during ggshield auth login flow with an invalid instance URL are handled and the stack trace is no longer displayed on the console.

• Patch symbols at the start of lines are now always displayed, even for single line secrets.

• The ggshield auth login command now respects the --allow-self-signed flag.

• GGShield now exits with a proper error message instead of crashing when it receives an HTTP response without Content-Type header.