@fsargent
Contributor

Summary

Adds GitGuardian CLI (ggshield) plugin for detecting hardcoded secrets in codebases.

Changes

  • Added ggshield plugin configuration with standalone executable downloads
  • Supports macOS (arm64, x86_64), Linux (x86_64), and Windows (x86_64)
  • Includes custom SARIF parser for converting ggshield JSON output
  • Adds test suite with snapshot validation
  • Updates README.md to include ggshield in Security tools section
  • Updates config check test snapshot to include ggshield

Features

  • Scans all files for 450+ types of hardcoded secrets
  • Uses standalone executables (no Python runtime required)
  • Supports authentication via GITGUARDIAN_API_KEY environment variable
  • Configurable via .gitguardian.yaml or .ggshield.yaml files
  • Properly handles recursive directory scanning with strip_components

Testing

  • ✅ Plugin configuration validates
  • ✅ Test suite passes with snapshot
  • ✅ Successfully detects secrets in test data
  • ✅ Follows Trunk plugin best practices
  • ✅ Config check test updated (all 224 repo tests passing)

Documentation

  • Added README.md with setup and usage instructions
  • Includes authentication setup guidance
  • Documents configuration options

@fsargent force-pushed the add-ggshield-linter branch from 2e96754 to ac8d5f4 on December 12, 2025 12:34
- Add ggshield plugin for GitGuardian CLI secret scanning
- Supports standalone executable downloads for macOS, Linux, and Windows
- Includes SARIF parser for Trunk integration
- Adds test suite with snapshot validation
- Requires GITGUARDIAN_API_KEY for authentication
@fsargent force-pushed the add-ggshield-linter branch from ac8d5f4 to 6c91a1b on December 12, 2025 12:37
@fsargent force-pushed the add-ggshield-linter branch from 921183f to 8628255 on December 16, 2025 10:23