Releases: GitGuardian/ggshield
1.36.0
Removed
- SCA code and commands.
- IaC code and commands.
Fixed
- `--instance` param now handles input https://api.eu1.gitguardian.com/v1 or https://api.gitguardian.com/v1.
- Fix `secret scan pre-commit` crashing on big merges (#1032).
1.35.0
Added
- The `--all-secrets` option to secret scans, which displays all found secrets along with their possible ignore reason.
Changed
- Files contained in the `.git/` directory are now scanned. Files in subdirectories such as `.git/hooks` are still excluded.
- When scanning commits, ggshield now ignores by default secrets that are removed or contextual to the patch.
Fixed
1.34.0
Added
- `ggshield config list` command now supports the `--json` option, allowing output in JSON format.
- All `secret scan` commands as well as the `api-status` and `quota` commands now support the `--instance` option to allow using a different instance.
- The `api-status` command now prints where the API key and instance used come from.
Changed
- `ggshield api-status --json` output now includes the instance URL.
- `ggshield secret scan repo` now uses `git clone --mirror` to retrieve more git objects.
- `ggshield secret scan ci` now scans all commits of a Pull Request in the following CI environments: Jenkins, Azure, Bitbucket and Drone.
Deprecated
- ggshield now prints a warning message when it is being executed by Python 3.8.
Fixed
- When running `ggshield secret scan ci` in a GitLab CI, new commits from the target branch that are not on the feature branch will no longer be scanned.
- Take into account the `--allow-self-signed` option at all levels in `ggshield secret scan` commands.
- When `ggshield secret scan` is called with `--with-incident-details` and the token does not have the required scopes, the command now fails and an error message is printed.
- ggshield no longer fails to report secrets for patches with content in hunk header lines.
1.33.0
Changed
- The `--debug` option now automatically turns on verbose mode.
- The `--use-gitignore` option now also applies to single files passed as argument.
- RPM packages now depend on `git-core` instead of `git`, reducing the number of dependencies to install (#983).
Fixed
1.32.2
1.32.1
Fixed
- Fixed a case where ggshield commit parser could fail because of the local git configuration.
1.32.0
Added
- When scanning a merge commit, `ggshield secret scan pre-commit` now skips files that merged without conflicts. This makes merging the default branch into a topic branch much faster. You can use the `--scan-all-merge-files` option to go back to the previous behavior.
- `ggshield secret scan` commands now provide the `--with-incident-details` option to output more information about known incidents (JSON and SARIF outputs only).
- It is now possible to ignore a secret manually using `ggshield secret ignore SECRET_SHA --name NAME`.
Fixed
- The git commit parser has been reworked, fixing cases where commands scanning commits would fail.
1.31.0
Added
- We now provide tar.gz archives for macOS, in addition to pkg files.
Fixed
- JSON output: fixed incorrect values for line and index when scanning a file and not a patch.
1.30.2
Security
- Fixed a bug where `ggshield secret scan archive` could be passed a maliciously crafted tar archive to overwrite user files.
1.30.1
Added
- `ggshield secret scan` commands can now output results in SARIF format, using the new `--format sarif` option (#869).
- `ggshield sca scan ci` and `ggshield sca scan all` now support the `MALICIOUS` value for `--minimum-severity`.
Changed
- ggshield now has the ability to display custom remediation messages on pre-commit, pre-push and pre-receive. These messages are defined in the platform and fetched from the `/metadata` endpoint of the API. If no messages are set up on the platform, default remediation messages will be displayed as before.