Releases: GitGuardian/ggshield
1.45.0
1.44.1
Added
- Added --insecure CLI option and insecure configuration setting as clearer alternatives to --allow-self-signed and allow_self_signed. The new option explicitly communicates that SSL verification is completely disabled, making the connection vulnerable to man-in-the-middle attacks.
- Added prominent warning messages when SSL verification is disabled (via either --insecure or --allow-self-signed), explaining the security risks and recommending the secure alternative of using the system certificate trust store (available with Python >= 3.10).
Changed
- Removed Clear Linux from the OS package testing workflow as the project has been discontinued.
- Fixed Python version for PDM install in the build release workflow.
Deprecated
- The --allow-self-signed CLI option and allow_self_signed configuration setting are now deprecated in favor of --insecure and insecure. Deprecation warnings are displayed when these options are used, guiding users to the clearer alternative. Both options remain functional for backward compatibility and will be maintained for an extended deprecation period before removal.
Fixed
- Fixed crash when API returns scopes not yet recognized by py-gitguardian.
- Skip non-seekable files instead of crashing.
Security
- Improved clarity around SSL verification settings. The --allow-self-signed option name was misleading as it suggests certificate validation is still performed, when in reality all SSL verification is disabled. The new --insecure option makes this behavior explicit. Both options remain functional for backward compatibility.
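An added example, not part of the release notes or the ggshield code base: a small Python audit that finds where SSL verification is still switched off, under either the deprecated names or the new ones. The option and setting names come from the notes above; the "key: value" config layout, the sample input and the function names are assumptions of this example.

```python
import re

# Option and setting names come from the release notes; the value is True when
# the name is the deprecated spelling. Either spelling disables SSL verification.
CLI_FLAGS = {"--insecure": False, "--allow-self-signed": True}
CONFIG_KEYS = {"insecure": False, "allow_self_signed": True}
TRUTHY = {"true", "yes", "on", "1"}
KEY_RE = re.compile(r"^\s*([A-Za-z_]+)\s*:\s*(\S+)")  # assumed "key: value" layout


def audit_line(line):
    """Return [(name, deprecated)] for settings on this line that disable verification."""
    code = line.split("#", 1)[0]  # drop trailing comments
    findings = []
    if "ggshield" in code:  # skip other tools' flags, e.g. curl --insecure
        for token in code.split():
            flag = token.split("=", 1)[0]
            if flag in CLI_FLAGS:
                findings.append((flag, CLI_FLAGS[flag]))
    match = KEY_RE.match(code)
    if match:
        key, value = match.group(1), match.group(2).strip("'\"").lower()
        if key in CONFIG_KEYS and value in TRUTHY:
            findings.append((key, CONFIG_KEYS[key]))
    return findings


def audit_text(text):
    """Return [(line_number, name, deprecated)] for a whole file."""
    return [(number, name, deprecated)
            for number, line in enumerate(text.splitlines(), start=1)
            for name, deprecated in audit_line(line)]


# Constructed sample: config lines and CI steps in one text for brevity.
SAMPLE = """\
version: 2
allow_self_signed: true   # legacy setting
insecure: false
steps:
  - run: ggshield secret scan ci --allow-self-signed
  - run: curl --insecure https://example.invalid/health
  - run: ggshield secret scan path -r . --insecure
"""

if __name__ == "__main__":
    for number, name, deprecated in audit_text(SAMPLE):
        note = "deprecated name, " if deprecated else ""
        print(f"line {number}: {name} ({note}SSL verification disabled)")
```

Each finding marks a place to move to the system certificate trust store instead, which the notes above say is available with Python >= 3.10.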
1.43.0
Fixed
- Fixed PyInstaller deprecation warning when running PyInstaller-based ggshield.
- Scanning git repositories can no longer fail with git "dubious ownership" errors.
- Extended the range of API error status codes supported by ggshield so the UI correctly displays them.
1.42.0
Added
- Added an additional section in ggshield outputs to return vault related fields if the account setting is enabled.
- ggshield Docker image now supports both linux/amd64 and linux/arm64 architectures (#952).
- ggshield secret scan docker now scans more files.
Changed
- ggshield secret scan now provides a --source-uuid option. When this option is set, it will create the incidents on the GIM dashboard on the corresponding source. Note that the token should have the scope scan:create-incidents.
1.41.0
Changed
- When scanning a docker image, if no image is found matching the client platform, try to pull the linux/amd64 image.
1.40.0
Added
- The release assets now contain a NuGet package.
- Added a new section in ggshield outputs (text and JSON) to notify if a secret is in one of the accounts' secrets managers.
Changed
- ggshield secret scan docker now scans files in /usr/src/app.
Fixed
- Fixed a bug in the way ggshield obfuscated secrets that caused a crash for short secrets (#1086).
- ggshield no longer crashes when it can't find git.
1.39.0
Added
- ggshield is now available on Chocolatey (#934). (note: we are still awaiting manual validation from Chocolatey before the package becomes publicly available)
- ggshield secret scan output now contains a link to the detector documentation for each secret found.
Fixed
- Fixed error when scanning .tar.gz compressed files inside docker layers.
1.38.1
Added
- ggshield can now scan .jar files using ggshield secret scan archive.
1.38.0
Removed
- Removed support for Python 3.8.
Added
- ggshield now uses the system certificates instead of the bundled ones. Note that this only works with Python >= 3.10 (#1067).
Changed
- The pre-receive hook no longer blocks when the GitGuardian server is temporarily unavailable (returns a 5xx status code).
Fixed
- Files with emojis in their name are now handled properly.
- Fixed ggshield crashing on Windows when doing big merges (#1032).