Ggshield

Fixed

- `ggshield secret scan pre-receive` no longer scans deleted commits when a branch is force-pushed (437).

- If many GGShield users are behind the same IP address, the daily update check could cause GitHub to rate-limit the IP. If this happens, GGShield honors GitHub rate-limit headers and no longer checks for a new update until the rate-limit is lifted (449).

- GGShield once again prints a "No secrets have been found" message when a scan does not find any secret (448).

- Installing GGShield no longer creates a "tests" directory in "site-packages" (383).

- GGShield now shows a clear error message when it cannot use git in a repository because of dubious ownership issues.

Deprecated

- The deprecation message when using `ggshield scan` instead of `ggshield secret scan` now states the `ggshield scan` commands are going to be removed in GGShield 1.15.0.

<a id='changelog-1.14.2'></a>

Changed

- It is now possible to use generic command-line options like `--verbose` anywhere on the command line and scan options anywhere after the `scan` word (197).

- `ggshield iac scan` now shows the severity of the detected vulnerabilities.

Fixed

- If a file containing secrets has been committed in two different branches, then `ggshield secret scan repo` would show 4 secrets instead of 2. This has been fixed (428).

- ggshield now uses different error codes when a scan succeeds but finds problems and when a scan does not finish (404).

- ggshield now correctly handles the case where git is not installed (329).

<a id='changelog-1.14.1'></a>

Fixed

- Fixed dependency on pygitguardian, which blocked the release on pypi.

<a id='changelog-1.14.0'></a>

Added

- ggshield scan commands now accept the `--ignore-known-secrets` option. This option is useful when working on an existing code-base while secrets are being remediated.

- ggshield learned a new secret scan command: `docset`. This command can scan any content as long as it has been converted into our new docset file format.

Changed

- `ggshield auth login --method=token` can now read its token from the standard input.

Fixed

- ggshield now prints clearer error messages if the .gitguardian.yaml file is invalid (377).

- When used with the [pre-commit](https://pre-commit.com) framework, ggshield would sometimes scan commits with many files more than once. This has been fixed.

<a id='changelog-1.13.6'></a>

Fixed

- `ggshield auth login` no longer fails when called with `--lifetime`.

- pre-receive and pre-push hooks now correctly handle the case where a branch with no new commits is pushed.

- ggshield no longer fails when scanning paths longer than 256 characters (391).

<a id='changelog-1.13.5'></a>

Fixed

- Fix crash at startup if the home directory is not writable.

<a id='changelog-1.13.4'></a>