{"id":20494856,"url":"https://github.com/gitguardian/ggshield-action","last_synced_at":"2026-02-18T10:07:17.107Z","repository":{"id":37823128,"uuid":"272400318","full_name":"GitGuardian/ggshield-action","owner":"GitGuardian","description":"GitGuardian Shield GitHub Action - Find exposed credentials in your commits","archived":false,"fork":false,"pushed_at":"2025-04-29T13:52:15.000Z","size":212,"stargazers_count":338,"open_issues_count":3,"forks_count":23,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-05-15T13:08:59.599Z","etag":null,"topics":["ci","devops","devsecops","gitguardian","github-actions","secrets-detection","security-tools"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GitGuardian.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-06-15T09:46:35.000Z","updated_at":"2025-05-10T17:06:49.000Z","dependencies_parsed_at":"2024-04-30T14:45:17.558Z","dependency_job_id":"6f78d926-7b69-4ef0-9a47-f40ca3fecbcd","html_url":"https://github.com/GitGuardian/ggshield-action","commit_stats":{"total_commits":65,"total_committers":10,"mean_commits":6.5,"dds":0.5692307692307692,"last_synced_commit":"4b450617504f2a3e1b58cbf0214f7ad3108cdab7"},"previous_names":[],"tags_count":40,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GitGuardian%2Fggshield-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GitGuardian%2Fggshield-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GitGuardian%2Fggshield-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GitGuardian%2Fggshield-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GitGuardian","download_url":"https://codeload.github.com/GitGuardian/ggshield-action/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254346623,"owners_count":22055808,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci","devops","devsecops","gitguardian","github-actions","secrets-detection","security-tools"],"created_at":"2024-11-15T17:43:24.840Z","updated_at":"2026-02-18T10:07:17.071Z","avatar_url":"https://github.com/GitGuardian.png","language":null,"readme":"\u003ca href=\"https://gitguardian.com/\"\u003e\u003cimg src=\"https://cdn.jsdelivr.net/gh/gitguardian/ggshield-action/doc/logo.svg\"\u003e\u003c/a\u003e\n\n---\n\n# [GitGuardian Shield](https://github.com/GitGuardian/ggshield) GitHub Action\n\n[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v1-undefined.svg?logo=github\u0026logoColor=white\u0026style=for-the-badge)](https://github.com/marketplace/actions/gitguardian-shield-action)\n[![Docker Image Version (latest semver)](https://img.shields.io/docker/v/gitguardian/ggshield?color=1B2D55\u0026sort=semver\u0026style=for-the-badge\u0026label=ggshield)](https://hub.docker.com/r/gitguardian/ggshield)\n[![License](https://img.shields.io/github/license/GitGuardian/ggshield-action?color=%231B2D55\u0026style=for-the-badge)](LICENSE)\n![GitHub stars](https://img.shields.io/github/stars/gitguardian/ggshield-action?color=%231B2D55\u0026style=for-the-badge)\n\nFind exposed credentials in your commits using [**GitGuardian shield**](https://github.com/GitGuardian/ggshield).\n\nThe **GitGuardian shield** (ggshield) is a CLI application that runs in your local environment\nor in a CI environment to help you detect more than 400 types of secrets, as well as other potential security vulnerabilities or policy breaks.\n\n**GitGuardian shield** uses our [public API](https://api.gitguardian.com/doc) through [py-gitguardian](https://github.com/GitGuardian/py-gitguardian) to scan your files and detect potential secrets or issues in your code. **The `/v1/scan` endpoint of the [public API](https://api.gitguardian.com/doc) is stateless. We will not store any files you are sending or any secrets we have detected**.\n\n## Requirements\n\n- A GitGuardian account. [**Sign up now**](https://dashboard.gitguardian.com/api/v1/auth/user/github_login/authorize?utm_source=github\u0026utm_medium=gg_shield\u0026utm_campaign=shield1) if you haven't before!\n- A GitGuardian API Key. You can create your API Key [**here**](https://dashboard.gitguardian.com/api/v1/auth/user/github_login/authorize?utm_source=github\u0026utm_medium=gg_shield\u0026utm_campaign=shield1). The only required scope is `scan`.\n\n## Usage\n\nAdd a new job to your GitHub workflow using the `GitGuardian/ggshield-action` action.\n\n```yaml\nname: GitGuardian scan\n\non: [push, pull_request]\n\njobs:\n  scanning:\n    name: GitGuardian scan\n    runs-on: ubuntu-latest\n    permissions:\n      contents: read\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n        with:\n          fetch-depth: 0 # fetch all history so multiple commits can be scanned\n      - name: GitGuardian scan\n        uses: GitGuardian/ggshield-action@v1\n        env:\n          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}\n          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}\n          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}\n          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}\n```\n\nAdd your [GitGuardian API Key](https://dashboard.gitguardian.com/api/v1/auth/user/github_login/authorize?utm_source=github\u0026utm_medium=gg_shield\u0026utm_campaign=shield1) to the `GITGUARDIAN_API_KEY` secret in your project settings.\n\n## Adding extra options to the action\n\nThe action accepts the same extra options as the `ggshield secret scan ci` command. Here is the [command reference](https://docs.gitguardian.com/ggshield-docs/reference/secret/scan/ci).\n\nExample:\n\n```yaml\nname: GitGuardian scan\n\non: [push, pull_request]\n\njobs:\n  scanning:\n    name: GitGuardian scan\n    runs-on: ubuntu-latest\n    permissions:\n      contents: read\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n        with:\n          fetch-depth: 0 # fetch all history so multiple commits can be scanned\n      - name: GitGuardian scan\n        uses: GitGuardian/ggshield-action@v1\n        with:\n          args: -v --ignore-known-secrets\n        env:\n          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}\n          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}\n          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}\n          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}\n```\n\n## Examples of GitGuardian scanning\n\n![Scan output example](https://cdn.statically.io/gh/GitGuardian/ggshield-action/51c86f8a/doc/example_output.png)\n\nThis a sample scan result from **GitGuardian shield**.\n\nIf the secret detected has been revoked and you do not wish to rewrite git history, you can use a value of the policy break (for example: the value of `|_password_|`) or the ignore SHA displayed in your `.gitguardian.yaml` under `matches-ignore`.\n\nAn example configuration file is available [here](https://github.com/GitGuardian/ggshield/blob/main/.gitguardian.example.yml).\n\n![Status example](https://cdn.statically.io/gh/GitGuardian/ggshield-action/51c86f8a/doc/status.png)\n\nIf there are secret leaks or other security issues in your commit your workflow will be marked as failed.\n\nBe sure to add `GitGuardian scan` to your required status checks in your repository settings to stop pull requests with security issues from being merged.\n\n# License\n\n**GitGuardian shield** is MIT licensed.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgitguardian%2Fggshield-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgitguardian%2Fggshield-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgitguardian%2Fggshield-action/lists"}