Integrate GitGuardian with Vulnetix via the ggshield CLI. Scan git history, files, CI pipelines, and container images for hardcoded secrets. Export findings as SARIF for upload to Vulnetix.
SaaS platform | SARIF | JSON
Install & scan
# Recommended — run without global install
uv run --with ggshield ggshield --version
# Install globally with pip
pip install ggshield
# Or with pipx
pipx install ggshield

# Scan a git repository (full history)
ggshield secret scan repo . --output ggshield.sarif --format sarif
# Scan current directory files (no git history)
ggshield secret scan path . --recursive --output ggshield.sarif --format sarif
Run GitGuardian in CI
Scan on every push and upload the results to Vulnetix:
- name: GitGuardian Shield scan
  uses: GitGuardian/ggshield-action@v1
  env:
    GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
    GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
    GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
  with:
    args: secret scan ci --format sarif --output ggshield.sarif
- name: Upload to Vulnetix
  # ggshield exits non-zero when it finds secrets, which fails the scan step;
  # run the upload anyway so those findings still reach Vulnetix.
  if: always()
  run: vulnetix upload --file ggshield.sarif
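A pre-upload check for the exported ggshield.sarif, as an added example that is not part of the original page or of GitGuardian's or Vulnetix's tooling: it rejects a truncated or non-SARIF file and lists findings by rule, file and line. The sample document and its rule names are constructed for illustration and are not real ggshield output; `summarize_sarif` is a hypothetical helper name.

```python
import json
from collections import Counter

# Constructed sample in SARIF 2.1.0 shape; not real ggshield output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ggshield"}},
        "results": [
            {"ruleId": "Example API Key", "level": "error",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "config/settings.py"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "Example API Key",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "deploy/.env"},
                 "region": {"startLine": 3}}}]},
            {"ruleId": "Example Private Key", "locations": []},
        ],
    }],
})


def summarize_sarif(text):
    """Validate a SARIF 2.1.0 log; return (findings, count per rule)."""
    doc = json.loads(text)  # raises ValueError on a truncated file
    if doc.get("version") != "2.1.0" or not isinstance(doc.get("runs"), list):
        raise ValueError("not a SARIF 2.1.0 log")
    findings = []
    for run in doc["runs"]:
        for result in run.get("results") or []:
            # A result may carry no location; keep it rather than drop it.
            locs = result.get("locations") or [{}]
            phys = locs[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri", "<unknown>")
            line = phys.get("region", {}).get("startLine")
            findings.append((result.get("ruleId", "<no rule>"), uri, line))
    return findings, Counter(rule for rule, _, _ in findings)


if __name__ == "__main__":
    findings, counts = summarize_sarif(SAMPLE_SARIF)
    for rule, uri, line in findings:
        print(f"{rule}: {uri}:{line}")
    print(dict(counts))
```
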
Centralise GitGuardian results in Vulnetix
Upload GitGuardian SARIF or JSON output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.