Ggshield

Fixed

- Fixed a regression introduced in ggshield 1.32.1, which made `ggshield install -m global` crash (972).

<a id='changelog-1.32.1'></a>

Fixed

- Fixed a case where ggshield commit parser could fail because of the local git configuration.

<a id='changelog-1.32.0'></a>

Added

- When scanning a merge commit, `ggshield secret scan pre-commit` now skips files that merged without conflicts. This makes merging the default branch into a topic branch much faster. You can use the `--scan-all-merge-files` option to go back to the previous behavior.

- `ggshield secret scan` commands now provide the `--with-incident-details` option to output more information about known incidents (JSON and SARIF outputs only).

- It is now possible to ignore a secret manually using `ggshield secret ignore SECRET_SHA --name NAME`.

Fixed

- The git commit parser has been reworked, fixing cases where commands scanning commits would fail.

<a id='changelog-1.31.0'></a>

Added

- We now provide tar.gz archives for macOS, in addition to pkg files.

Fixed

- JSON output: fixed incorrect values for line and index when scanning a file and not a patch.

<a id='changelog-1.30.2'></a>

Security

- Fixed a bug where `ggshield secret scan archive` could be passed a maliciously crafted tar archive to overwrite user files.

<a id='changelog-1.30.1'></a>

Added

- `ggshield secret scan` commands can now output results in [SARIF format](https://sarifweb.azurewebsites.net/), using the new `--format sarif` option (#869).

- `ggshield sca scan ci` and `ggshield sca scan all` now support the `MALICIOUS` value for `--minimum-severity`

Changed

- ggshield now has the ability to display custom remediation messages on pre-commit, pre-push and pre-receive. These messages are defined in the platform and fetched from the `/metadata` endpoint of the API. If no messages are set up on the platform, default remediation messages will be displayed as before.

<a id='changelog-1.30.0'></a>