1.42.0

Added

• Added an additional section in ggshield outputs to return vault related fields if the account setting is enabled.

• ggshield Docker image now supports both linux/amd64 and linux/arm64 architectures (#952).

• ggshield secret scan docker now scans more files.

Changed

• ggshield secret scan now provides an --source-uuid option. When this option is set, it will create the incidents on the GIM dashboard on the corresponding source. Note that the token should have the scope scan:create-incidents.

1.41.0

Changed

• When scanning a docker image, if no image is found matching the client platform, try to pull the linux/amd64 image.

1.40.0

Added

• The release assets now contain a NuGet package.

• Added a new section in ggshield outputs (text and JSON) to notify if a secret is in one of the accounts' secrets managers.

Changed

• ggshield secret scan docker now scans files in /usr/src/app.

Fixed

• Fixed a bug in the way ggshield obfuscated secrets that caused a crash for short secrets (#1086).

• ggshield no longer crashes when it can't find git.

1.39.0

Added

• ggshield is now available on Chocolatey (#934). (note: we are still awaiting manual validation from Chocolatey before the package becomes publicly available)

• ggshield secret scan output now contains a link to the detector documentation for each secret found.

Fixed

• Fixed error when scanning .tar.gz compressed files inside docker layers.

1.38.1

Added

• ggshield can now scan .jar files using ggshield secret scan archive.

1.38.0

Removed

• Removed support for python 3.8.

Added

• ggshield now uses the system certificates instead of the bundled ones. Note that this only works with Python >= 3.10 (#1067).

Changed

• Pre-receive hook isn't blocking anymore when GitGuardian server is temporarily unavailable (return 5xx status code).

Fixed

• Files with emojis in their name are now handled properly.

• Fix ggshield crashing on Windows when doing big merges (#1032).

1.37.0

Fixed

• ggshield secret scan docker now correctly handles ignored paths (#548).

1.36.0

Removed

• SCA code and commands.

• IaC code and commands.

Fixed

• --instance param now handles input https://api.eu1.gitguardian.com/v1 or https://api.gitguardian.com/v1.

• Fix secret scan pre-commit crashing on big merges (#1032).

1.35.0

Added

• The --all-secrets option to secret scans, allowing to display all found secrets, and their possible ignore reason.

Changed

• Files contained in the .git/ directory are now scanned. Files in subdirectories such as .git/hooks are still excluded.

• When scanning commits, ggshield now ignores by default secrets that are removed or contextual to the patch.

Fixed

• Handle trailing content in multi-parent hunk header.

• Installing ggshield from the release RPM on EL9 failed because of a missing library. This is now fixed (#1036).

• Fix Visual Studio not being able to show error messages from ggshield pre-commit (#170).

1.34.0

Added

• ggshield config list command now supports the --json option, allowing output in JSON format.

• All secret scan commands as well as the api-status and quota commands now supports the --instance option to allow using a different instance.

• The api-status command now prints where the API key and instance used come from.

Changed

• ggshield api-status --json output now includes the instance URL.

• ggshield secret scan repo now uses git clone --mirror to retrieve more git objects.

• ggshield secret scan ci now scans all commits of a Pull Request in the following CI environments: Jenkins, Azure, Bitbucket and Drone.

Deprecated

• ggshield now prints a warning message when it is being run executed by Python 3.8.

Fixed

• When running ggshield secret scan ci in a GitLab CI, new commits from the target branch that are not on the feature branch will no longer be scanned.

• Take into account the --allow-self-signed option at all levels in ggshield secret scan commands.

• When ggshield secret scan is called with --with-incident-details and the token does not have the required scopes, the command now fails and an error message is printed.

• ggshield no longer fails to report secrets for patches with content in hunk header lines.