🔍 Scan
🔗 Integration
Integrate the scanner with Git hooks and CI/CD pipelines.
Git Hooks
Automatically scan on commit:
# .guardy.yaml
# Runs Guardy's built-in secret scan from the Git pre-commit hook.
# A local hook can be skipped with `git commit --no-verify`, so keep a
# CI scan as the enforcing check.
hooks:
  pre-commit:
    builtin:
      - scan_secrets
# Scans only staged files

CI/CD Pipeline
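# .gitlab-ci.yml
# Secret scan for merge request pipelines; the JSON output is attached
# to the job as a GitLab report artifact.
security:scan:
  stage: test
  script:
    - guardy scan --format json > scan-results.json
  artifacts:
    reports:
      # `secret_detection` is the report type GitLab defines for secret
      # findings; `secret_scanning` is not a recognised `artifacts:reports`
      # key. NOTE(review): GitLab validates this file against its own
      # secret detection report schema; confirm Guardy's JSON conforms,
      # otherwise publish it with `artifacts:paths` instead.
      # NOTE(review): check whether the report contains the matched secret
      # values before widening who can read job artifacts.
      secret_detection: scan-results.json
  only:
    - merge_requests

# .github/workflows/security.yml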
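name: Security Scan
on: [pull_request]

# Least privilege: this workflow only needs to read the repository.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      # Consider pinning actions to a full commit SHA rather than a
      # mutable tag.
      - uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config, where the
          # installer and scanner steps below could read it.
          persist-credentials: false
      - name: Install Guardy
        # NOTE(review): this runs whatever the URL serves at job time,
        # unpinned and unverified. If the project publishes versioned
        # releases with checksums, download a fixed version and verify
        # it before executing.
        run: |
          curl -sSf https://guardy.run | sh
      - name: Run scan
        run: |
          guardy scan --format json > results.json
      - name: Upload results
        # Keep the report when the scan step fails; presumably the scan
        # exits non-zero on findings (confirm), which would otherwise
        # skip this step exactly when the report matters.
        if: always()
        # upload-artifact v3 is deprecated; v4 is the supported major.
        # NOTE(review): check whether results.json contains the matched
        # secret values; artifacts are readable by anyone with access to
        # the workflow run.
        uses: actions/upload-artifact@v4
        with:
          name: scan-results
          path: results.json

pipeline {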
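// Declarative pipelines require an `agent` section; `any` uses any available agent.
    agent any
    stages {
        stage('Security Scan') {
            steps {
                // Writes the scan findings as JSON into the workspace.
                sh 'guardy scan --format json > scan-results.json'
            }
            post {
                // Publish the report even when the scan step fails;
                // presumably the scan exits non-zero on findings (confirm),
                // which would otherwise abort the stage before publishing.
                // NOTE(review): anyone who can view the build can read this
                // report; check whether it contains matched secret values.
                always {
                    publishHTML([
                        reportDir: '.',
                        reportFiles: 'scan-results.json',
                        reportName: 'Secret Scan Report'
                    ])
                }
            }
        }
    }
}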