Aurelien Gateau

Good point, will look into it. In the mean time, since ggshield is not a Python library, you can install it using [pipx](https://pypa.github.io/pipx/) to avoid dependency issues.

I think you need to sync with @ziadghalleb: he is in the process of moving the definition of the action to the main ggshield repository, see https://github.com/GitGuardian/ggshield/pull/326.

Finally closing this one now that #212 is done.

Hi, thanks for your report! Our JSON format indeed lacks documentation. We plan to work on fixing that. I am not convinced by unit-test oriented file formats because I would...

> Normally our scan and/or test results are collected and published in Azure DevOps like shown in the picture below. There are no pictures in your message. I think GitHub...

> Another try.. Still no picture 😞. I think you need to use the web interface to attach them.

Thanks for the pictures, I can see them now. I still believe there is more value in adding SARIF support than in shoehorning ggshield outputs in a unit-test output format....

> Nice! Maybe `log_vars` should be moved to an higher level? I think it could be used in `previous_commit.py` too Good idea, going to do this.

Closing this for now, I am reworking it.

Hi, how often does this happen? Does it always happen with the same Docker image?