GitGuardian’s ggshield is an open-source command-line interface (CLI) tool that helps developers and security teams detect hardcoded secrets and sensitive credentials early in the development process, either locally or in CI/CD pipelines. It scans source code, configuration files, commit history, and other artifacts to automatically detect hundreds of different secret types (such as API keys, tokens, and passwords), helping prevent accidental leaks before they reach version control or production environments. ggshield can be used interactively on a developer’s machine, integrated as a pre-commit or pre-push git hook, and run as part of automated build or merge workflows to enforce security policies consistently across teams. It runs on major operating systems through Python, and standalone packaged binaries are offered for environments where Python isn’t available, making it adaptable to a wide range of developer setups.
Features
- Detects 400+ types of hardcoded secrets
- Works locally and in CI/CD environments
- Supports git pre-commit and pre-push hooks
- Standalone binaries available across OSes
- Configurable scanning rules
- Integrates with reporting and alerting systems