Ggshield

Yanked: release process issue.

<a id='changelog-1.29.0'></a>

Removed

- The `--all` option of the `ggshield sca scan ci` and `ggshield iac scan ci` commands has been removed.

Added

- `ggshield secret scan path` now provides a `--use-gitignore` option to honor `.gitignore` and related files (801).

- A new secret scan command, `ggshield secret scan changes`, has been added to scan changes between the current state of a repository checkout and its default branch.

- GGShield is now available as a standalone executable on Windows.

Changed

- The behavior of the `ggshield sca scan ci` and `ggshield iac scan ci` commands have changed. These commands are now expected to run in merge-request CI pipelines only, and will compute the diff exactly associated with the merge request.

Deprecated

- Running `ggshield sca scan ci` or `ggshield iac scan ci` outside of a merge request CI pipeline is now deprecated.

Fixed

- GGShield now consumes less memory when scanning large repositories.

- Errors thrown during `ggshield auth login` flow with an invalid instance URL are handled and the stack trace is no longer displayed on the console.

- Patch symbols at the start of lines are now always displayed, even for single line secrets.

- The `ggshield auth login` command now respects the `--allow-self-signed` flag.

- GGShield now exits with a proper error message instead of crashing when it receives an HTTP response without `Content-Type` header.

<a id='changelog-1.28.0'></a>

Added

- The SCA config `ignored_vulnerabilities` option now supports taking a CVE ID as identifier.

<a id='changelog-1.27.0'></a>

Removed

- The `This feature is still in beta, its behavior may change in future versions` warning is no longer displayed for sca commands.

Added

- It is now possible to customize the remediation message printed by GGShield pre-receive hook. This can be done by setting the message in the `secret.prereceive_remediation_message` configuration key. Thanks a lot to Renizmy for this feature.

- We now provide signed .pkg files for macOS.

- Add a `This feature is still in beta, its behavior may change in future versions` warning to `ggshield iac scan all` command.

Changed

- Linux .deb and .rpm packages now use the binaries produced by pyinstaller. They no longer depend on Python.

Deprecated

- Dash-separated configuration keys are now deprecated, they should be replaced with underscore-separated keys. For example `show-secrets` should become `show_secrets`. GGShield still supports reading from dash-separate configuration keys, but it prints a warning when it finds one.

Fixed

- GGShield commands working with commits no longer fail when parsing a commit without any author.

- Configuration keys defined in the global configuration file are no longer ignored if a local configuration file exists.

- The option `--exclude PATTERN` is no longer ignored by the command `ggshield secret scan repo`.

<a id='changelog-1.26.0'></a>

Added

- `ggshield auth login` learned to create tokens with extra scopes using the `--scopes` option. Using `ggshield auth login --scopes honeytokens:write` would create a token suitable for the `ggshield honeytokens` commands.

<a id='changelog-1.25.0'></a>

Added

- It is now possible to create a honeytoken with context using the new `honeytoken create-with-context` command.

Changed

- SCA incidents ignored on the GitGuardian app will no longer show up in the scan results, in text/JSON format.

<a id='changelog-1.24.0'></a>