🔍 Scan

👨‍🍳 Cookbook

Practical examples and workflows for secret scanning

Basic Scanning

# Scan everything
guardy scan

# Scan specific directory
guardy scan src/

# Scan multiple paths
guardy scan src/ config/ .env

Output Formats

# Default text output
guardy scan

# Output:
🛡️ Guardy Secret Scanner v0.2.3
Scanning 142 files...

❌ Secret detected in config/prod.env
   Type: AWS Access Key
   Line: 3
   Confidence: High (0.95)
   Context:
     2 | # Production settings
   > 3 | AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
     4 | AWS_SECRET_ACCESS_KEY=...

✗ Found 1 secret in 142 files

# JSON output for CI/CD
guardy scan --format json

# Output:
{
  "version": "0.3.0",
  "scanned_files": 142,
  "findings": [
    {
      "file": "config/prod.env",
      "line": 3,
      "column": 18,
      "type": "AWS Access Key",
      "confidence": 0.95,
      "severity": "high",
      "match": "AKIAIOSFODNN7EXAMPLE"
    }
  ]
}

# HTML report
guardy scan --format html > report.html

# Opens a detailed HTML report with:
# - Summary statistics
# - Findings by severity
# - Code context
# - Remediation suggestions

Advanced Options

# Verbose output with timing
guardy scan --verbose

# Scan with custom config
guardy scan --config custom-guardy.yaml

# Scan only staged files (for pre-commit)
guardy scan --staged

# Scan with specific patterns only
guardy scan --patterns aws,github,stripe

# Set confidence threshold
guardy scan --min-confidence 0.8

# Limit number of threads
guardy scan --threads 4

🚫 Ignoring Secrets

How to exclude files and suppress false positives

📋 Overview

Keep security configurations in sync across repositories

On this page

Basic Scanning Output Formats Advanced Options