GitGuardian
diff --git a/‎.gitguardian.example.yml
-41 b/‎.gitguardian.example.yml
-41
diff --git a/‎.gitguardian.yaml
-11 b/‎.gitguardian.yaml
-11
diff --git a/‎.github/workflows/ci.yml
-40 b/‎.github/workflows/ci.yml
-40
diff --git a/‎.importlinter
+2-10 b/‎.importlinter
+2-10
diff --git a/‎.pre-commit-hooks.yaml
-40 b/‎.pre-commit-hooks.yaml
-40
diff --git a/‎README.md
-17 b/‎README.md
-17
diff --git a/‎actions-unstable/iac/action.yml
-27 b/‎actions-unstable/iac/action.yml
-27
diff --git a/‎actions-unstable/sca/action.yml
-25 b/‎actions-unstable/sca/action.yml
-25
diff --git a/‎actions/iac/action.yml
-20 b/‎actions/iac/action.yml
-20
diff --git a/‎actions/sca/action.yml
-20 b/‎actions/sca/action.yml
-20
diff --git a/‎changelog.d/20250103_165032_florian.perucki_remove_sca_iac.md
+4 b/‎changelog.d/20250103_165032_florian.perucki_remove_sca_iac.md
+4
diff --git a/‎doc/dev/error-handling.md
+1-1 b/‎doc/dev/error-handling.md
+1-1
@@ -36,44 +36,3 @@ secret:
   # Detectors to ignore.
   ignored_detectors: # default: []
     - Generic Password
-
-iac:
-  # Exclude files and paths by globbing
-  ignored_paths:
-    - '**/README.md'
-    - 'doc/*'
-    - 'LICENSE'
-    - path: 'tests/*'
-      comment: 'Ignore vulnerabilities in tests'
-    - path: 'dev/*'
-      comment: 'Ignore vulnerabilities in dev sandbox'
-      until: '2030-06-24T00:00:01Z'
-
-  # IaC vulnerabilities to ignore
-  ignored_policies:
-    - GG_IAC_0000
-    - GG_IAC_0005
-    - policy: 'GG_IAC_0003'
-      until: '2030-06-24T00:00:01Z'
-    - policy: 'GG_IAC_0012'
-      comment: 'We will handle this later'
-      until: '2030-06-24T00:00:01Z'
-
-  # Minimum severity of the policies
-  minimum_severity: HIGH
-
-sca:
-  # Exclude files and paths by globbing
-  ignored_paths:
-    - '**/Pipfile'
-    - '/back/**/package.json'
-
-  # SCA vulnerabilities to ignore
-  ignored_vulnerabilities:
-    - identifier: 'GHSA-0000-aaaa-ZZZZ'
-      path: 'Pipfile.lock' # Can be a regex
-      comment: 'Check vulnerability later' # Optional
-      until: '2023-05-01T00:00:00' # Optional, needs to follow ISO 8061 format 'YYYY-MM-DDTHH:MM:SS' (converted to UTC)
-
-  # Minimum severity of the policies
-  minimum_severity: HIGH
@@ -34,14 +34,3 @@ secret:
     - .env
     - 'tests/unit/cassettes/*'
     - 'tests/unit/**/snapshots/*'
-
-iac:
-  ignored_policies:
-    # We don't want to fix this vulnerability because many CI systems
-    # (including GitHub action and Azure pipelines) expect the user inside the
-    # container to be root.
-    - GG_IAC_0079
-
-sca:
-  ignored_paths:
-    - tests/
@@ -164,51 +164,13 @@ jobs:
           GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
           GITGUARDIAN_API_URL: ${{ secrets.GITGUARDIAN_API_URL }}
 
-  test_github_iac_scan_action:
-    name: Test GitHub action for `iac scan`
-    # See note about steps requiring the GITGUARDIAN_API at the top of this file
-    if: ${{ !github.event.pull_request.head.repo.fork }}
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Scan commits for IaC vulnerabilities
-        uses: ./actions-unstable/iac
-        with:
-          args: .
-        env:
-          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
-          GITGUARDIAN_API_URL: ${{ secrets.GITGUARDIAN_API_URL }}
-
-  test_github_sca_scan_action:
-    name: Test GitHub action for `sca scan`
-    # See note about steps requiring the GITGUARDIAN_API at the top of this file
-    if: ${{ !github.event.pull_request.head.repo.fork }}
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Scan commits for SCA vulnerabilities
-        uses: ./actions-unstable/sca
-        with:
-          args: .
-        env:
-          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
-          GITGUARDIAN_API_URL: ${{ secrets.GITGUARDIAN_API_URL }}
-
   dockerhub-unstable:
     name: Push Docker image to Docker Hub
     runs-on: ubuntu-22.04
     if: github.ref == 'refs/heads/main' && github.event_name == 'push'
     needs:
       - lint
       - build
-      - test_github_iac_scan_action
-      - test_github_sca_scan_action
       - test_github_secret_scan_action
     steps:
       - name: Checkout
@@ -228,8 +190,6 @@ jobs:
     needs:
       - lint
       - build
-      - test_github_iac_scan_action
-      - test_github_sca_scan_action
       - test_github_secret_scan_action
     steps:
       - name: Check out the repo
 
@@ -9,8 +9,8 @@ name = ggshield-layers
 type = layers
 layers = 
 	ggshield.__main__
-	ggshield.cmd.auth | ggshield.cmd.config | ggshield.cmd.hmsl | ggshield.cmd.honeytoken | ggshield.cmd.iac | ggshield.cmd.install | ggshield.cmd.quota | ggshield.cmd.sca | ggshield.cmd.secret | ggshield.cmd.status | ggshield.cmd.utils
-	ggshield.verticals.auth | ggshield.verticals.hmsl | ggshield.verticals.iac | ggshield.verticals.sca | ggshield.verticals.secret
+	ggshield.cmd.auth | ggshield.cmd.config | ggshield.cmd.hmsl | ggshield.cmd.honeytoken | ggshield.cmd.install | ggshield.cmd.quota | ggshield.cmd.secret | ggshield.cmd.status | ggshield.cmd.utils
+	ggshield.verticals.auth | ggshield.verticals.hmsl | ggshield.verticals.secret
 	ggshield.core
 	click | ggshield.utils | pygitguardian
 ignore_imports = 
@@ -26,18 +26,14 @@ source_modules =
 	ggshield.cmd.config
 	ggshield.cmd.hmsl
 	ggshield.cmd.honeytoken
-	ggshield.cmd.iac
 	ggshield.cmd.install
 	ggshield.cmd.quota
-	ggshield.cmd.sca
 	ggshield.cmd.secret
 	ggshield.cmd.status
 	ggshield.cmd.utils
 forbidden_modules = 
 	ggshield.verticals.auth
 	ggshield.verticals.hmsl
-	ggshield.verticals.iac
-	ggshield.verticals.sca
 	ggshield.verticals.secret
 ignore_imports = 
 	ggshield.cmd.auth.** -> ggshield.verticals.auth
@@ -49,14 +45,10 @@ ignore_imports =
 	ggshield.cmd.hmsl.** -> ggshield.verticals.hmsl.**
 	ggshield.cmd.honeytoken.** -> ggshield.verticals.honeytoken
 	ggshield.cmd.honeytoken.** -> ggshield.verticals.honeytoken.**
-	ggshield.cmd.iac.** -> ggshield.verticals.iac
-	ggshield.cmd.iac.** -> ggshield.verticals.iac.**
 	ggshield.cmd.install.** -> ggshield.verticals.install
 	ggshield.cmd.install.** -> ggshield.verticals.install.**
 	ggshield.cmd.quota.** -> ggshield.verticals.quota
 	ggshield.cmd.quota.** -> ggshield.verticals.quota.**
-	ggshield.cmd.sca.** -> ggshield.verticals.sca
-	ggshield.cmd.sca.** -> ggshield.verticals.sca.**
 	ggshield.cmd.secret.** -> ggshield.verticals.secret
 	ggshield.cmd.secret.** -> ggshield.verticals.secret.**
 	ggshield.cmd.status.** -> ggshield.verticals.status
 
@@ -9,26 +9,6 @@
   pass_filenames: false
   minimum_pre_commit_version: 3.2.0
 
-- id: ggshield-iac
-  name: ggshield-iac (pre-commit)
-  entry: ggshield
-  description: Runs ggshield Infra as Code Security to detect IaC vulnerabilities.
-  stages: [pre-commit]
-  args: ['iac', 'scan', 'pre-commit']
-  language: python
-  pass_filenames: false
-  minimum_pre_commit_version: 3.2.0
-
-- id: ggshield-sca
-  name: ggshield-sca (pre-commit)
-  entry: ggshield
-  description: Runs ggshield Software Composition Analysis to detect vulnerabilities introduced by dependencies.
-  stages: [pre-commit]
-  args: ['sca', 'scan', 'pre-commit']
-  language: python
-  pass_filenames: false
-  minimum_pre_commit_version: 3.2.0
-
 - id: docker-ggshield
   name: ggshield (pre-commit,docker)
   language: docker_image
@@ -46,26 +26,6 @@
   pass_filenames: false
   minimum_pre_commit_version: 3.2.0
 
-- id: ggshield-iac-push
-  name: ggshield-iac (pre-push)
-  entry: ggshield
-  description: Runs ggshield Infra as Code Security to detect IaC vulnerabilities.
-  args: ['iac', 'scan', 'pre-push']
-  stages: [pre-push]
-  language: python
-  pass_filenames: false
-  minimum_pre_commit_version: 3.2.0
-
-- id: ggshield-sca-push
-  name: ggshield-sca (pre-push)
-  entry: ggshield
-  description: Runs ggshield Software Composition Analysis to detect vulnerabilities introduced by dependencies.
-  args: ['sca', 'scan', 'pre-push']
-  stages: [pre-push]
-  language: python
-  pass_filenames: false
-  minimum_pre_commit_version: 3.2.0
-
 - id: docker-ggshield-push
   name: ggshield (pre-push,docker)
   language: docker_image
 
@@ -39,7 +39,6 @@ Only metadata such as call time, request size and scan mode is stored from scans
   - [Manual setup](#manual-setup)
 - [Getting started](#getting-started)
   - [Secrets](#secrets)
-  - [Infra as Code Security (IaC)](#infra-as-code-security-iac)
 - [Integrations](#integrations)
 - [Learn more](#learn-more)
 - [Output](#output)
@@ -166,22 +165,6 @@ You can now use `ggshield` to search for secrets:
 - in Pypi packages: `ggshield secret scan pypi flask`
 - and more, have a look at `ggshield secret scan --help` output for details.
 
-## Infra as Code Security (IaC)
-
-You can also search for vulnerabilities in your IaC files using the following command:
-
-```
-ggshield iac scan all .
-```
-
-However, if you are only interested in _new_ potential IaC vulnerabilities, you can run:
-
-```
-ggshield iac scan diff --ref=HEAD~1 .
-```
-
-Have a look at `ggshield iac scan --help` for more details.
-
 # Integrations
 
 You can integrate `ggshield` in your [CI/CD workflow](https://docs.gitguardian.com/ggshield-docs/integrations/overview#cicd-integrations-secrets-detection-in-your-cicd-workflow).
 
@@ -0,0 +1,4 @@
+### Removed
+
+- SCA code and commands
+- IaC code and commands
@@ -9,7 +9,7 @@
 It is important for users (and for our tests) to be able to make the distinction between "a scan was successful but it found problems" and "something went wrong while scanning". To do so, GGShield uses different error codes for the different cases. At the time of this writing the following codes are supported:
 
 - 0: All good
-- 1: Scan was successful but it found problems (leaked secrets, IaC security issues...)
+- 1: Scan was successful but it found problems (e.g. leaked secrets)
 - 2: Error on the command-line, like a missing parameter
 - 3: An authentication subcommand failed
 - 128: Something else