# Install ggshield with Homebrew, Nix

Scanner for secrets and sensitive data in code. Version 1.52.2 via Homebrew; verified 2026-06-21.

## Install

```sh
sudo av install brew:ggshield
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install ggshield
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#ggshield
```

  Evidence: nixpkgs package indexes: pkgs/by-name/gg/ggshield/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:ggshield
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/ggshield>
- **Version:** 1.52.2
- **Source summary:** Scanner for secrets and sensitive data in code
- **Homepage:** <https://www.gitguardian.com>
- **Upstream docs:** <https://docs.gitguardian.com/ggshield-docs/getting-started>
- **License:** MIT
- **Source archive:** <https://files.pythonhosted.org/packages/9d/f9/3f2b594156cda7ed2afba978daec90fc0fad5023a1896aacf120f259f9a1/ggshield-1.52.2.tar.gz>
- **Last updated:** 2026-06-21T14:25:28Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- ggshield (cli)
- ggshield (alias)

## Dependencies

- certifi
- cryptography
- libyaml
- openssl@3
- pydantic
- python@3.14

## Build dependencies

- pkgconf
- rust

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.52.2
- Package-manager updated: 2026-06-21
- Local data: ok
- Upstream repository: https://www.gitguardian.com
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

ggshield is GitGuardian's open-source command-line scanner for detecting hardcoded secrets and sensitive data before they reach source-control history or CI artifacts.

### Project history

GitGuardian opened the ggshield repository in April 2020 and published the early 1.0.x release line soon afterward. The project is built as the local and CI-facing companion to GitGuardian's secret-detection service, using the GitGuardian public API through the py-gitguardian client.

### Adoption history

The tool gained adoption through several security workflows rather than one single editor or platform: local scans, pre-commit and pre-push hooks, CI/CD jobs, GitHub Actions, GitLab, Jenkins, Docker-image scans, package scans, and packaged distribution through PyPI, Homebrew, Chocolatey, Cloudsmith packages, and standalone installers.

### How it is used

Practitioners authenticate with `ggshield auth login` or an API key, then scan paths, repositories, staged changes, Docker images, package artifacts, or CI workspaces. Teams commonly install it as a pre-commit, pre-push, or pre-receive hook so leaked credentials are blocked before they enter shared repositories.

### Why package nerds care

For package ecosystems, ggshield is notable because it packages a SaaS-backed security control as a normal developer CLI: it can be installed by a package manager, run in a hook, and produce exit codes that fit standard CI pipelines.

### Timeline

- 2020: The GitGuardian ggshield repository was created.
- 2020: The 1.0.x release line appeared in the GitHub release feed.
- 2026: The release feed showed the 1.52 series.

### Related projects

- ggshield is closely tied to GitGuardian's public API and py-gitguardian client, and it overlaps operationally with pre-commit, CI/CD systems, and repository-hosting security workflows.

### Sources

- <https://api.github.com/repos/GitGuardian/ggshield>
- <https://api.github.com/repos/GitGuardian/ggshield/releases>
- <https://docs.gitguardian.com/ggshield-docs/getting-started>
- <https://docs.gitguardian.com/ggshield-docs/integrations/overview>
- <https://formulae.brew.sh/formula/ggshield>
- <https://github.com/GitGuardian/ggshield>
- <https://pypi.org/project/ggshield/>
- <https://raw.githubusercontent.com/GitGuardian/ggshield/main/README.md>


## Security Notes

No matching local secret-handling manifest was found for ggshield. Nucleus package metadata is still published here so future coverage has a stable package URL.



## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: ~/.gitguardian.yaml, ./.gitguardian.yaml
- Windows: %USERPROFILE%\.gitguardian.yaml, .\.gitguardian.yaml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** ggshield
- **Version Scheme:** 0
- **Revision:** 1
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - ggshield: normalized package name match | nixpkgs package indexes: pkgs/by-name/gg/ggshield/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Database and data packages](https://www.automicvault.com/pkg/database-data-tools/) - Matched database, SQL, migration, or data-store metadata.
- [openssl@3](https://www.automicvault.com/pkg/brew/openssl-3/) - Runtime dependency declared by Homebrew.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [pkgconf](https://www.automicvault.com/pkg/brew/pkgconf/) - Build dependency declared by Homebrew.
- [rust](https://www.automicvault.com/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [noseyparker](https://www.automicvault.com/pkg/brew/noseyparker/) - Shares av.db curated category or tags: cli, secrets-scanning, security.
- [trufflehog](https://www.automicvault.com/pkg/brew/trufflehog/) - Shares av.db curated category or tags: cli, secrets-scanning, security.
- [talisman](https://www.automicvault.com/pkg/brew/talisman/) - Shares av.db curated category or tags: cli, devsecops, secrets-scanning, security.
- [bomber](https://www.automicvault.com/pkg/brew/bomber/) - Shares av.db curated category or tags: cli, devsecops, security.
- [cycode](https://www.automicvault.com/pkg/brew/cycode/) - Shares av.db curated category or tags: cli, devsecops, secrets-scanning, security.
- [detect-secrets](https://www.automicvault.com/pkg/brew/detect-secrets/) - Shares av.db curated category or tags: cli, devsecops, security.
- [git-secrets](https://www.automicvault.com/pkg/brew/git-secrets/) - Shares av.db curated category or tags: cli, git-hooks, security.
- [gitleaks](https://www.automicvault.com/pkg/brew/gitleaks/) - Shares av.db curated category or tags: cli, devsecops, security.
- [bbot](https://www.automicvault.com/pkg/brew/bbot/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, cli, cryptography, libyaml, openssl.

## Combined YAML source

View the package source record on GitHub. [combined/ggshield.yml](https://github.com/automic-vault/db/blob/main/combined/ggshield.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
