{"id":6797,"library":"pygitguardian","title":"pygitguardian","description":"pygitguardian is the official Python client library for the GitGuardian API, allowing developers to detect over 200 types of secrets and other security vulnerabilities in text content. It is actively developed with frequent releases, currently at version 1.29.0.","status":"active","version":"1.29.0","language":"en","source_language":"en","source_url":"https://github.com/GitGuardian/py-gitguardian","tags":["security","secrets-detection","api-wrapper","gitguardian"],"install":[{"cmd":"pip install pygitguardian","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"HTTP client for making API requests.","package":"requests"},{"reason":"Used for request (de)serialization and input validation.","package":"marshmallow"}],"imports":[{"note":"The primary client for interacting with the GitGuardian API.","symbol":"GGClient","correct":"from pygitguardian import GGClient"},{"note":"A model used for handling API response details, such as error messages.","symbol":"Detail","correct":"from pygitguardian.models import Detail"}],"quickstart":{"code":"import os\nfrom pygitguardian import GGClient\nfrom pygitguardian.models import ScanResult\n\n# It is highly recommended to use environment variables for API keys.\n# Replace 'YOUR_GITGUARDIAN_API_KEY' with your actual environment variable name if different.\napi_key = os.environ.get('GITGUARDIAN_API_KEY', '')\n\nif not api_key:\n    print(\"Error: GITGUARDIAN_API_KEY environment variable not set.\")\n    exit(1)\n\nclient = GGClient(api_key=api_key)\n\ndocument_to_scan = \"\"\" \nThis is some example content.\nIt might contain sensitive information like a password: mysecretpassword123\nor an API key: sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n\"\"\"\n\ntry:\n    # Check the health of the API and the API key used first\n    health_check_result = client.health_check()\n    if not health_check_result.success:\n        print(f\"API Health Check failed: {health_check_result.detail}\")\n        exit(1)\n    print(\"API Health Check successful.\")\n\n    scan_result: ScanResult = client.content_scan(document_to_scan)\n\n    if scan_result.has_secrets:\n        print(\"Secrets found in the document!\")\n        for incident in scan_result.incidents:\n            print(f\"  Incident type: {incident.type}\")\n            for pb in incident.policy_breaks:\n                print(f\"    Policy Break: {pb.occurrence.value}\")\n    else:\n        print(\"No secrets found in the document.\")\n\nexcept Exception as e:\n    print(f\"An error occurred during scan: {e}\")\n","lang":"python","description":"Initializes the GGClient with an API key sourced from an environment variable and performs a content scan for secrets. It includes a health check and prints detected incidents. API keys should always be handled securely, ideally via environment variables, to prevent exposure."},"warnings":[{"fix":"Migrate any code using these deprecated endpoints to alternative GitGuardian API methods or tools, or ensure your application does not rely on these specific functionalities.","message":"Version 1.20.0 removed support for the deprecated SCA (Software Composition Analysis) and IaC (Infrastructure as Code) scanning endpoints.","severity":"breaking","affected_versions":">=1.20.0"},{"fix":"Consult the latest pygitguardian documentation or examples for `scan_and_create_incidents()` to ensure correct usage with the updated API.","message":"Version 1.25.0 updated the `Client.scan_and_create_incidents()` method to align with server-side API changes. This may require reviewing and updating parameters or expected behavior if this method was previously used.","severity":"breaking","affected_versions":">=1.25.0"},{"fix":"Update type hints and any logic that processes these fields to expect string values. Perform explicit type conversions if a non-string type is required by your application.","message":"In version 1.27.0, several fields including `visibility`, `kind`, `presence status`, `ignore_reason`, and `tag` were changed to `str` type. Code expecting different types (e.g., enums or custom objects) might encounter type errors.","severity":"gotcha","affected_versions":">=1.27.0"},{"fix":"Before accessing `policy_break.detector_name` or `policy_break.detector_group_name`, check if the value is `None` to prevent `AttributeError` or unexpected behavior.","message":"As of version 1.23.0, the `detector_name` and `detector_group_name` fields in `PolicyBreak` objects were made optional. Code expecting these fields to always be present should implement checks for `None`.","severity":"gotcha","affected_versions":">=1.23.0"}],"env_vars":null,"last_verified":"2026-04-15T00:00:00.000Z","next_check":"2026-07-14T00:00:00.000Z","problems":[]}