Fixed

• Fixed PyInstaller deprecation warning when running PyInstaller-based ggshield.

• Scanning git repositories can no longer fail with git "dubious ownership" errors.

• Extended the range of API error status codes supported by ggshield so the UI correctly displays them.

Added

• Added an additional section in ggshield outputs to return vault related fields if the account setting is enabled.

• ggshield Docker image now supports both linux/amd64 and linux/arm64 architectures (#952).

• ggshield secret scan docker now scans more files.

Changed

• ggshield secret scan now provides an --source-uuid option. When this option is set, it will create the incidents on the GIM dashboard on the corresponding source. Note that the token should have the scope scan:create-incidents.

Changed

• When scanning a docker image, if no image is found matching the client platform, try to pull the linux/amd64 image.

Added

• The release assets now contain a NuGet package.

• Added a new section in ggshield outputs (text and JSON) to notify if a secret is in one of the accounts' secrets managers.

Changed

• ggshield secret scan docker now scans files in /usr/src/app.

Fixed

• Fixed a bug in the way ggshield obfuscated secrets that caused a crash for short secrets (#1086).

• ggshield no longer crashes when it can't find git.

Added

• ggshield is now available on Chocolatey (#934). (note: we are still awaiting manual validation from Chocolatey before the package becomes publicly available)

• ggshield secret scan output now contains a link to the detector documentation for each secret found.

Fixed

• Fixed error when scanning .tar.gz compressed files inside docker layers.

Added

• ggshield can now scan .jar files using ggshield secret scan archive.

Removed

• Removed support for python 3.8.

Added

• ggshield now uses the system certificates instead of the bundled ones. Note that this only works with Python >= 3.10 (#1067).

Changed

• Pre-receive hook isn't blocking anymore when GitGuardian server is temporarily unavailable (return 5xx status code).

Fixed

• Files with emojis in their name are now handled properly.

• Fix ggshield crashing on Windows when doing big merges (#1032).

Fixed

• ggshield secret scan docker now correctly handles ignored paths (#548).

Removed

• SCA code and commands.

• IaC code and commands.

Fixed

• --instance param now handles input https://api.eu1.gitguardian.com/v1 or https://api.gitguardian.com/v1.

• Fix secret scan pre-commit crashing on big merges (#1032).

Added

• The --all-secrets option to secret scans, allowing to display all found secrets, and their possible ignore reason.

Changed

• Files contained in the .git/ directory are now scanned. Files in subdirectories such as .git/hooks are still excluded.

• When scanning commits, ggshield now ignores by default secrets that are removed or contextual to the patch.

Fixed

• Handle trailing content in multi-parent hunk header.

• Installing ggshield from the release RPM on EL9 failed because of a missing library. This is now fixed (#1036).

• Fix Visual Studio not being able to show error messages from ggshield pre-commit (#170).