{"id":13532715,"url":"https://github.com/gitguardian/ggshield","last_synced_at":"2025-05-13T15:11:55.720Z","repository":{"id":36952604,"uuid":"257326204","full_name":"GitGuardian/ggshield","owner":"GitGuardian","description":"Detect and validate 400+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.","archived":false,"fork":false,"pushed_at":"2025-05-05T14:29:32.000Z","size":6343,"stargazers_count":1746,"open_issues_count":46,"forks_count":153,"subscribers_count":31,"default_branch":"main","last_synced_at":"2025-05-05T15:50:25.486Z","etag":null,"topics":["apikey","code","credentials","devsecops","key","leak","precommit","scanning","secrets-detection","secrets-management","security"],"latest_commit_sha":null,"homepage":"https://gitguardian.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GitGuardian.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-04-20T15:36:24.000Z","updated_at":"2025-05-04T01:37:40.000Z","dependencies_parsed_at":"2024-03-11T14:43:32.903Z","dependency_job_id":"3af3c414-edf5-4e9f-926e-96cb4c720979","html_url":"https://github.com/GitGuardian/ggshield","commit_stats":{"total_commits":1423,"total_committers":71,"mean_commits":20.04225352112676,"dds":0.6036542515811665,"last_synced_commit":"4617a2d64679ea6eac09b783cc376d247e2d5454"},"previous_names":[],"tags_count":81,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GitGuardian%2Fggshield","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GitGuardian%2Fggshield/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GitGuardian%2Fggshield/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GitGuardian%2Fggshield/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GitGuardian","download_url":"https://codeload.github.com/GitGuardian/ggshield/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253969261,"owners_count":21992263,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apikey","code","credentials","devsecops","key","leak","precommit","scanning","secrets-detection","secrets-management","security"],"created_at":"2024-08-01T07:01:13.155Z","updated_at":"2025-05-13T15:11:50.705Z","avatar_url":"https://github.com/GitGuardian.png","language":"Python","readme":"\u003ca href=\"https://gitguardian.com/\"\u003e\u003cimg src=\"https://cdn.jsdelivr.net/gh/gitguardian/ggshield/doc/logo.svg\"\u003e\u003c/a\u003e\n\n---\n\n# [ggshield](https://github.com/GitGuardian/ggshield): protect your code with GitGuardian\n\n[![PyPI](https://img.shields.io/pypi/v/ggshield?color=%231B2D55\u0026style=for-the-badge)](https://pypi.org/project/ggshield/)\n[![Docker Image Version (latest semver)](https://img.shields.io/docker/v/gitguardian/ggshield?color=1B2D55\u0026sort=semver\u0026style=for-the-badge\u0026label=Docker)](https://hub.docker.com/r/gitguardian/ggshield)\n[![License](https://img.shields.io/github/license/GitGuardian/ggshield?color=%231B2D55\u0026style=for-the-badge)](LICENSE)\n[![GitHub stars](https://img.shields.io/github/stars/gitguardian/ggshield?color=%231B2D55\u0026style=for-the-badge)](https://github.com/GitGuardian/ggshield/stargazers)\n[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/GitGuardian/ggshield/main.yml?branch=main\u0026style=for-the-badge)](https://github.com/GitGuardian/ggshield/actions)\n[![Codecov](https://img.shields.io/codecov/c/github/GitGuardian/ggshield?style=for-the-badge)](https://codecov.io/gh/GitGuardian/ggshield/)\n\n`ggshield` is a CLI application that runs in your local environment or in a CI environment to help you detect more than 400+ types of secrets.\n\n`ggshield` uses our [public API](https://api.gitguardian.com/doc) through [py-gitguardian](https://github.com/GitGuardian/py-gitguardian) to scan and detect potential vulnerabilities in files and other text content.\n\nOnly metadata such as call time, request size and scan mode is stored from scans using `ggshield`, therefore secrets will not be displayed on your dashboard and **your files and secrets won't be stored**.\n\n# Table of Contents\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n- [Installation](#installation)\n  - [macOS](#macos)\n    - [Homebrew](#homebrew)\n    - [Standalone .pkg package](#standalone-pkg-package)\n  - [Linux](#linux)\n    - [Deb and RPM packages](#deb-and-rpm-packages)\n  - [Windows](#windows)\n    - [Standalone .zip archive](#standalone-zip-archive)\n  - [All operating systems](#all-operating-systems)\n    - [Using pipx](#using-pipx)\n    - [Using pip](#using-pip)\n- [Initial setup](#initial-setup)\n  - [Using `ggshield auth login`](#using-ggshield-auth-login)\n  - [Manual setup](#manual-setup)\n- [Getting started](#getting-started)\n  - [Secrets](#secrets)\n- [Integrations](#integrations)\n- [Learn more](#learn-more)\n- [Output](#output)\n- [Related open source projects](#related-open-source-projects)\n- [License](#license)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n# Installation\n\n\u003c!--\nAny change made in this section must be replicated in the \"Step 1: Install\nggshield\" section of the \"Getting started\" page of ggshield public\ndocumentation.\n--\u003e\n\n## macOS\n\n### Homebrew\n\nYou can install `ggshield` using Homebrew:\n\n```shell\n$ brew install ggshield\n```\n\nUpgrading is handled by Homebrew.\n\n### Standalone .pkg package\n\nAlternatively, you can download and install a standalone .pkg package from [`ggshield` release page](https://github.com/GitGuardian/ggshield/releases).\n\nThis package _does not_ require installing Python, but you have to manually download new versions.\n\n## Linux\n\n### Deb and RPM packages\n\nDeb and RPM packages are available on [Cloudsmith](https://cloudsmith.io/~gitguardian/repos/ggshield/packages/).\n\nSetup instructions:\n\n- [Deb packages](https://cloudsmith.io/~gitguardian/repos/ggshield/setup/#formats-deb)\n- [RPM packages](https://cloudsmith.io/~gitguardian/repos/ggshield/setup/#formats-rpm)\n\nUpgrading is handled by the package manager.\n\n## Windows\n\n### Standalone .zip archive\n\nWe provide a standalone .zip archive on [`ggshield` release page](https://github.com/GitGuardian/ggshield/releases).\n\nUnpack the archive on your disk, then add the directory containing the `ggshield.exe` file to `%PATH%`.\n\nThis archive _does not_ require installing Python, but you have to manually download new versions.\n\n## All operating systems\n\n`ggshield` can be installed on all supported operating systems via its [PyPI package](https://pypi.org/project/ggshield).\n\nIt requires **a supported version of Python (not EOL)** (except for standalone packages) and git.\n\nIf you don't use our packaged versions of `ggshield`, please be aware that we follow the [Python release cycle](https://devguide.python.org/versions/) and do not support versions that have reached EOL.\n\n### Using pipx\n\nThe recommended way to install `ggshield` from PyPI is to use [pipx](https://pypa.github.io/pipx/), which will install it in an isolated environment:\n\n```shell\n$ pipx install ggshield\n```\n\nTo upgrade your installation, run:\n\n```shell\n$ pipx upgrade ggshield\n```\n\n### Using pip\n\nYou can also install `ggshield` from PyPI using pip, but this is not recommended because the installation is not isolated, so other applications or packages installed this way may affect your `ggshield` installation. This method will also not work if your Python installation is declared as externally managed (for example when using the system Python on operating systems like Debian 12):\n\n```shell\n$ pip install --user ggshield\n```\n\nTo upgrade your installation, run:\n\n```shell\n$ pip install --user --upgrade ggshield\n```\n\n# Initial setup\n\n## Using `ggshield auth login`\n\nTo use `ggshield` you need to authenticate against GitGuardian servers. To do so, use the `ggshield auth login` command. This command automates the provisioning of a personal access token and its configuration on the local workstation.\n\nYou can learn more about it from [`ggshield auth login` documentation](https://docs.gitguardian.com/internal-repositories-monitoring/ggshield/reference/auth/login).\n\n## Manual setup\n\nYou can also create your personal access token manually and store it in the `GITGUARDIAN_API_KEY` environment variable to complete the setup.\n\n# Getting started\n\n## Secrets\n\nYou can now use `ggshield` to search for secrets:\n\n- in files: `ggshield secret scan path -r .`\n- in repositories: `ggshield secret scan repo .`\n- in Docker images (`docker` command must be available): `ggshield secret scan docker ubuntu:22.04`\n- in Pypi packages (`pip` command must be available): `ggshield secret scan pypi flask`\n- and more, have a look at `ggshield secret scan --help` output for details.\n\n# Integrations\n\nYou can integrate `ggshield` in your [CI/CD workflow](https://docs.gitguardian.com/ggshield-docs/integrations/overview#cicd-integrations-secrets-detection-in-your-cicd-workflow).\n\nTo catch errors earlier, use `ggshield` as a [pre-commit, pre-push or pre-receive Git hook](https://docs.gitguardian.com/ggshield-docs/integrations/overview#git-hooks-prevent-secrets-from-reaching-your-vcs).\n\n# Learn more\n\nFor more information, have a look at [the documentation](https://docs.gitguardian.com/ggshield-docs/getting-started)\n\n# Output\n\nIf no secrets have been found, the exit code will be 0:\n\n```bash\n$ ggshield secret scan pre-commit\n```\n\nIf a secret is found in your staged code or in your CI, you will have an alert giving you the filename where the secret has been found and a patch giving you the position of the secret in the file:\n\n```shell\n$ ggshield secret scan pre-commit\n\n2 incidents have been found in file production.rb\n\n11 | config.paperclip_defaults = {\n12 |     :s3_credentials =\u003e {\n13 |     :bucket =\u003e \"XXX\",\n14 |     :access_key_id =\u003e \"XXXXXXXXXXXXXXXXXXXX\",\n                            |_____AWS Keys_____|\n\n15 |     :secret_access_key =\u003e \"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\"\n                                |_______________AWS Keys_______________|\n\n16 |     }\n17 | }\n```\n\nLines that are too long are truncated to match the size of the terminal, unless the verbose mode is used (`-v` or `--verbose`).\n\n# Related open source projects\n\n- [truffleHog](https://github.com/dxa4481/truffleHog)\n- [gitleaks](https://github.com/zricethezav/gitleaks)\n- [gitrob](https://github.com/michenriksen/gitrob)\n- [git-hound](https://github.com/tillson/git-hound)\n- [AWS git-secrets](https://github.com/awslabs/git-secrets)\n- [detect-secrets](https://github.com/Yelp/detect-secrets)\n\n# License\n\n`ggshield` is MIT licensed.\n","funding_links":[],"categories":["Secrets management"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgitguardian%2Fggshield","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgitguardian%2Fggshield","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgitguardian%2Fggshield/lists"}