GitGuardian Shield CircleCI Orb
Find exposed credentials in your commits using GitGuardian shield.
The GitGuardian shield (gg-shield) is a CLI application that runs in your local environment or in a CI environment to help you detect more than 200 types of secrets, as well as other potential security vulnerabilities or policy breaks.
GitGuardian shield uses our public API through py-gitguardian to scan your files and detect potential secrets or issues in your code. The /v1/scan endpoint of the public API is stateless. We will not store any files you are sending or any secrets we have detected.
You'll need an API Key from GitGuardian to use gg-shield.
To add GitGuardian shield to your pipelines, configure your .circleci/config.yml to add the ggshield orb:
version: 2.1

orbs:
  ggshield: gitguardian/ggshield@volatile

workflows:
  main:
    jobs:
      - ggshield/scan:
          name: ggshield-scan # best practice is to name each orb job
          base_revision: <<pipeline.git.base_revision>>
          revision: <<pipeline.git.revision>>
Do not forget to add your GitGuardian API Key to the GITGUARDIAN_API_KEY environment variable in your project settings.
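A hardened variant of the configuration above, added here as an example and not taken from the orb project itself: it pins the orb to a fixed release instead of tracking volatile, and supplies the API key through a CircleCI context. The version placeholder and the context name gitguardian-scan are assumptions.

```yaml
# Added example, not the orb project's own configuration.
version: 2.1

orbs:
  # Assumption: replace <PINNED_VERSION> with a released version of the orb
  # that you have reviewed. "@volatile" resolves to the newest published
  # release on every pipeline run, so the code that executes alongside your
  # API key can change without any commit in your repository.
  ggshield: gitguardian/ggshield@<PINNED_VERSION>

workflows:
  main:
    jobs:
      - ggshield/scan:
          name: ggshield-scan
          # Assumption: "gitguardian-scan" is a hypothetical CircleCI context
          # that defines GITGUARDIAN_API_KEY. A context can be restricted to
          # specific groups, which limits who can run jobs that see the key.
          context: gitguardian-scan
          base_revision: <<pipeline.git.base_revision>>
          revision: <<pipeline.git.revision>>
```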
This project is licensed under the MIT License - read the LICENSE file for details.