Ggshield

Changed

- `ggshield secret scan` output now includes a link to the incident if the secret is already known on the user's GitGuardian dashboard.

- `ggshield secret scan docker` no longer rescans known-clean layers, speeding up subsequent scans. This cache is tied to GitGuardian secrets engine version, so all layers are rescanned when a new version of the secrets engine is deployed.

Fixed

- Fixed an issue where the progress bar for `ggshield secret scan` commands would sometimes reach 100% too early and then stayed stuck until the end of the scan.

Removed

- The deprecated commands `ggshield scan` and `ggshield ignore` have been removed. Use `ggshield secret scan` and `ggshield secret ignore` instead.

<a id='changelog-1.14.5'></a>

Changed

- `ggshield iac scan` can now be called without arguments. In this case it scans the current directory.

- GGShield now displays an easier-to-understand error message when no API key has been set.

Fixed

- Fixed GGShield not correctly reporting misspelled configuration keys if the key name contained `-` characters (480).

- When called without an image tag, `ggshield secret scan docker` now automatically uses the `:latest` tag instead of scanning all versions of the image (468).

- `ggshield secret scan` now properly stops with an error message when the GitGuardian API key is not set or invalid (456).

<a id='changelog-1.14.4'></a>

Fixed

- GGShield Docker image can now be used to scan git repositories even if the repository is mounted outside of the /data directory.

- GGShield commit hook now runs correctly when triggered from Visual Studio (467).

<a id='changelog-1.14.3'></a>

Fixed

- `ggshield secret scan pre-receive` no longer scans deleted commits when a branch is force-pushed (437).

- If many GGShield users are behind the same IP address, the daily update check could cause GitHub to rate-limit the IP. If this happens, GGShield honors GitHub rate-limit headers and no longer checks for a new update until the rate-limit is lifted (449).

- GGShield once again prints a "No secrets have been found" message when a scan does not find any secret (448).

- Installing GGShield no longer creates a "tests" directory in "site-packages" (383).

- GGShield now shows a clear error message when it cannot use git in a repository because of dubious ownership issues.

Deprecated

- The deprecation message when using `ggshield scan` instead of `ggshield secret scan` now states the `ggshield scan` commands are going to be removed in GGShield 1.15.0.

<a id='changelog-1.14.2'></a>

Changed

- It is now possible to use generic command-line options like `--verbose` anywhere on the command line and scan options anywhere after the `scan` word (197).

- `ggshield iac scan` now shows the severity of the detected vulnerabilities.

Fixed

- If a file containing secrets has been committed in two different branches, then `ggshield secret scan repo` would show 4 secrets instead of 2. This has been fixed (428).

- ggshield now uses different error codes when a scan succeeds but finds problems and when a scan does not finish (404).

- ggshield now correctly handles the case where git is not installed (329).

<a id='changelog-1.14.1'></a>

Fixed

- Fixed dependency on pygitguardian, which blocked the release on pypi.

<a id='changelog-1.14.0'></a>