docs/cli/commands/scan-git-changes.mdx
infisical scan git-changes
# Display the full secret findings
infisical scan git-changes --verbose
Scanning for secrets before you commit your changes is great way to prevent leaks. Infisical makes this easy with the sub command git-changes.
The git-changes scans for uncommitted changes in a Git repository, and is especially designed for use on developer machines, aligning with the 'shift left' security approach.
When git-changes is run on a Git repository, Infisical parses the output from a git diff command.
To scan changes in commits that have been staged via git add, you can add the --staged flag to the sub command. This flag is particularly useful when using Infisical CLI as a pre-commit tool.
detect secrets in a --staged state
Default value: false
</Accordion>
git log options </Accordion>
<Accordion title="--baseline-path"> Short hand: `-b`Description
path to baseline with issues that can be ignored </Accordion>
<Accordion title="--config"> Short hand: `-c`Description
config file path
order of precedence:
exit code when leaks have been encountered (default 1) </Accordion>
<Accordion title="--max-target-megabytes"> **Description**files larger than this will be skipped </Accordion>
<Accordion title="--no-color"> **Description**turn off color for verbose output </Accordion>
<Accordion title="--redact"> **Description**redact secrets from logs and stdout </Accordion>
<Accordion title="--report-format"> **Description**output format (json, csv, sarif) (default "json") </Accordion>
<Accordion title="--report-path"> **Description**report file </Accordion>
<Accordion title="--source"> **Description**path to source (default ".") </Accordion>
<Accordion title="--verbose"> **Description**show verbose output from scan </Accordion>