scan
Scan git history, directories, and files for secrets
infisical scan
# Display the full secret findings
infisical scan --verbose
Description
The infisical scan
command serves to scan repositories, directories, and files. It’s compatible with both individual developer machines and Continuous Integration (CI) environments.
When you run infisical scan
on a Git repository, Infisical will parses the output of a git log -p
command. This command generates patches that Infisical uses to identify secrets in your code.
You can configure the range of commits that git log
will cover using the --log-opts
flag.
Any options you can use with git log -p
are valid for --log-opts
.
For instance, to instruct Infisical to scan a specific range of commits, use the following command: infisical scan --log-opts="--all commitA..commitB"
. For more details, refer to the Git log documentation.
To scan individual files and directories, use the --no-git
flag.
Flags
Was this page helpful?