Safety vulnerability ID: 60443
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Ggshield 1.18.0 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a Denial of Service vulnerability.
https://github.com/GitGuardian/ggshield/commit/3c67771a4d66accede14fa23dfce9ea51571e082
Latest version: 1.33.0
Detect secrets from all sources using GitGuardian's brains
Added
HMSL
- ggshield gained a new group of commands: `hmsl`, short for "Has My Secret Leaked". These commands make it possible to securely check if secrets have been leaked in a public repository.
IaC
- `ggshield iac scan` now provides three new commands for use as Git hooks:
- `ggshield iac scan pre-commit`
- `ggshield iac scan pre-push`
- `ggshield iac scan pre-receive`
They use the same arguments and options as the other `ggshield iac scan` commands.
- The new `ggshield iac scan ci` command can be used to perform IaC scans in CI environments.
It supports the same arguments as hook subcommands (in particular, `--all` to scan the whole repository).
Supported CIs are:
- Azure
- Bitbucket
- CircleCI
- Drone
- GitHub
- GitLab
- Jenkins
- Travis
SCA
- `ggshield sca scan pre-commit` now provides a `--all` option to scan all files.
- The text output of `ggshield sca` scans now includes the identifier of the SCA vulnerability.
- The new `ggshield sca scan diff` command can be used to run custom differential scans.
Other
- It is now possible to manipulate the default instance using `ggshield config`:
- `ggshield config set instance <THE_INSTANCE_URL>` defines the default instance.
- `ggshield config unset instance` removes the previously defined instance.
- The default instance can be printed with `ggshield config get instance` and `ggshield config list`.
Changed
- ggshield now requires Python 3.8.
- The IaC Github Action now runs the new `ggshield iac scan ci` command. This means the action only fails if the changes introduce a new vulnerability. To fail if any vulnerability is detected, use the `ggshield iac scan ci --all` command.
Removed
- The following options have been removed from `ggshield iac scan diff`: `--pre-commit`, `--pre-push` and `--pre-receive`. You can replace them with the new `ggshield iac scan pre-*` commands.
Fixed
- `ggshield secret scan docker` now runs as many scans in parallel as the other scan commands.
- `ggshield` now provides an easier-to-understand error message for "quota limit reached" errors (309).
- `ggshield iac scan diff` `--minimum-severity` and `--ignore-policy` options are now correctly processed.
- `ggshield secret scan` no longer tries to scan files longer than the maximum document size (561).
Security
- ggshield now depends on cryptography 41.0.3, fixing https://github.com/advisories/GHSA-jm77-qphf-c4w8.
<a id='changelog-1.17.3'></a>
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application