Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Let’s start by learning how to navigate ggshield like any other CLI tool: through its built-in help menu. To see the top-level help, just run ggshield with no options and press enter: ggshield Any time you want help for a specific command, add -h or --help to the end of that command before hitting enter. ggshield follows a standard command-line pattern you’ll see in many tools: ggshield ... If you’re new to CLIs, here’s what that means: ggshield is the program you’re running. are the extra details the command needs, like a path or filename.

What ggshield commands are available? First is quota, which checks how many API calls you have remaining for your GitGuardian workspace: ggshield quota As a rule of thumb, Starter plans include 10,000 API calls per month, and Business and Enterprise plans start at 100,000 calls per month. Next is config, which acts like the CLI control panel. ggshield uses YAML configuration to define how the CLI behaves, and you can tune it per repository.

Now that ggshield is installed, the next step is to authenticate it with GitGuardian so it can scan and talk to the API. The most common method is browser-based login: ggshield auth login This opens your browser and prompts you to sign in through the GitGuardian dashboard. It automatically generates an access token for you and stores it safely in your local configuration. By default, the token is scoped for secret scanning, which is what most people need. We’ll revisit scopes later.

Install ggshield the right way for your OS and get scanning in minutes. In this video, we walk through the most common installation paths for macOS, Linux, and Windows, plus container options if that’s your workflow: macOS: install with Homebrew, or grab the standalone.pkg from the ggshield releases page (no Python required, but you’ll update manually). Linux: install via Deb/RPM packages available on Cloudsmith. Windows: install via Chocolatey, or download the standalone.zip from the releases page (no Python required, but you’ll update manually).

In this in-depth walkthrough, we will show you how to turn ggshield, the GitGuardian CLI, into a practical guardrail for keeping secrets out of your code and CI pipelines. You’ll see exactly how to install and authenticate ggshield, then use it to scan repositories, local paths, archives, Docker images, PyPI packages, and CI environments for hardcoded credentials. We’ll also walk through configuring Git hooks with ggshield install.