Choose your adventure
TruffleHog is the most powerful secrets Discovery, Classification, Validation, and Analysis tool. In this context secret refers to a credential a machine uses to authenticate itself to another machine. This includes API keys, database passwords, private encryption keys, and more...
TruffleHog can look for secrets in many places including Git, chats, wikis, logs, API testing platforms, object stores, filesystems and more
TruffleHog classifies over 800 secret types, mapping them back to the specific identity they belong to. Is it an AWS secret? Stripe secret? Cloudflare secret? Postgres password? SSL Private key? Sometimes its hard to tell looking at it, so TruffleHog classifies everything it finds.
For every secret TruffleHog can classify, it can also log in to confirm if that secret is live or not. This step is critical to know if there’s an active present danger or not.
For the 20 some of the most commonly leaked out credential types, instead of sending one request to check if the secret can log in, TruffleHog can send many requests to learn everything there is to know about the secret. Who created it? What resources can it access? What permissions does it have on those resources?
| Open-source | Enterprise 💸 |
---|---|---|
GitHub, S3, directory, GCS, and Docker scanning | ✅ | ✅ |
800+ secret detectors | ✅ | ✅ |
GitHub actions, pre-commit, and pre-receive hooks | ✅ | ✅ |
Custom regex and secrets verification | ✅ | ✅ |
Automatic updates | ✅ | ✅ |
Choice of on-premises and cloud scanning | ❌ | ✅ |
19+ Integrations (GitHub, Confluence, JIRA, Slack, More) | ❌ | ✅ |
Continuous monitoring | ❌ | ✅ |
Intuitive dashboard | ❌ | ✅ |
Alerting | ❌ | ✅ |
Monitor vast public datasets | ❌ | ✅ |
Single sign-on: SAML 2.0 or OAuth 2.0 | ❌ | ✅ |
Role-based access control | ❌ | ✅ |
Deployment and onboarding support | ❌ | ✅ |
On-going priority technical support | ❌ | ✅ |
Detailed analytics and reporting | ❌ | ✅ |
Interested in Enterprise? Contact us for a free trial.