GitGuardian / ggshield

Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
https://gitguardian.com
MIT License

Add cmd to scan changes between the default branch and the current state (commits + staged) #891

Closed Walz closed 4 months ago

Walz commented 4 months ago

Context

Add a command to scan the change between the current state and the default branch. Useful to check a feature branch does not add any new secret.

The naming (changes) may be discussed.

What has been done

Validation

$ git clone git@github.com:GitGuardian/ggshield.git
$ git checkout sguillaume/secret-scan-change
$ ggshield secret scan change
Scanning... ━━━━━━━━━━━━━━━━━━ 100% 2 / 2

No secrets have been found

PR check list

Walz commented 4 months ago

I've renamed the command "changes" and get_default_branch now returns the remote ref to the default branch, i.e. origin/main. This prevents scanning old commits when you did not recently update your local version of the default branch.
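The effect of diffing against the remote ref rather than a stale local default branch, as an added example that is not part of this thread and not ggshield's own code. It uses plain git on constructed throw-away repositories; the helper names (`g`, `commit_file`, `compare_bases`) and the use of `git symbolic-ref` to resolve the default branch are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example on constructed throw-away repositories; not ggshield code.
set -eu

# git wrapper with a fixed identity so commits work on any machine
g() { git -c user.name=demo -c user.email=demo@example.invalid -c commit.gpgsign=false "$@"; }

# add one file named $2.txt and commit it in the repository at $1
commit_file() {
  echo "$2" > "$1/$2.txt"
  g -C "$1" add "$2.txt"
  g -C "$1" commit -q -m "add $2"
}

# Prints "<default remote ref> <commits vs local main> <commits vs remote ref>"
compare_bases() {
  local tmp up work remote_ref
  tmp=$(mktemp -d)
  up="$tmp/upstream"; work="$tmp/work"

  # upstream repository with one commit on main
  g init -q "$up"
  g -C "$up" symbolic-ref HEAD refs/heads/main
  commit_file "$up" a

  # developer clone: local main and origin/main both point at commit a
  g clone -q "$up" "$work"

  # upstream moves on by two commits; the clone fetches but never
  # fast-forwards its local main
  commit_file "$up" b
  commit_file "$up" c
  g -C "$work" fetch -q origin

  # feature branch cut from the fresh remote ref, with one new commit
  g -C "$work" checkout -q --no-track -b feature origin/main
  commit_file "$work" d

  # resolve the remote's default branch (assumed approach, plain git)
  remote_ref=$(g -C "$work" symbolic-ref --short refs/remotes/origin/HEAD)

  echo "$remote_ref" \
    "$(g -C "$work" rev-list --count main..HEAD)" \
    "$(g -C "$work" rev-list --count "$remote_ref"..HEAD)"
  rm -rf "$tmp"
}

compare_bases   # prints: origin/main 3 1
```

Against the stale local `main` the range holds three commits, two of which are already on the default branch; against `origin/main` it holds only the one commit the feature branch adds.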