Scan data for secrets
Artifactory
7min
enterprise feature this feature is only available with trufflehog enterprise contact us to learn more alpha feature alpha features are in active development they may contain bugs source integration to jfrog artifactory configuration options to create an access token for a user with read only permissions, create a new user in the jfrog artifactory ui under " identity and access " leave all roles unchecked and ensure the user is added to the readers group (selected by default) once created, navigate to the "access tokens" tab and generate a token for the newly created user web configuration you can configure this integration via the web ui through the integrations tab or you can use a local configuration file as outlined below local configuration it is recommended to generate an access token for a user with read only permissions to do so, create a new user in the jfrog artifactory ui under “identity and access ” leave all roles unchecked and ensure the user is added to the readers group (selected by default) once created, navigate to the “access tokens” tab and generate a token for the newly created user access token sources \ connection '@type' type googleapis com/sources artifactory accesstoken xxxxxxxxxxxxxx endpoint https //example jfrog io \# ignore paths is not required ignorepaths \ third party/drivers/ name artifactory repository artifacts scanperiod 12h type source type jfrog artifactory verify true basic auth sources \ connection '@type' type googleapis com/sources artifactory basicauth \# password can be an access token, api key, or account password password secret username username endpoint https //example jfrog io \# ignore paths is not required ignorepaths \ third party/drivers/ name artifactory repository artifacts scanperiod 12h type source type jfrog artifactory verify true key description required endpoint the url for your artifactory instance yes repositories list of artifactory repositories to scan omit to enumerate instead no includepaths list of artifact paths to include in scans supports globbing no ignorepaths list of artifact paths to ignore in scans supports globbing no include paths and ignore paths interact as follows if only an includepaths is provided, then trufflehog will only scan artifacts that match it if only an ignorepaths is provided, then trufflehog will scan all artifacts that do not match it if both includepaths and ignorepaths are provided, then trufflehog will scan only artifacts that match the include list but not the ignore list paths should not include a repository qualifier for example, if example is the repository name and the directory to include is example/path/to/dir , the includepaths value should be path/to/dir/ paths defined in includepaths and ignorepaths are applied to all repositories in a configuration to restrict a specific path to a single repository, a separate artifactory source must be configured if a path is expected in multiple repositories but should only apply to one of them within a specific configuration, additional artifactory sources are needed to ensure the path is scoped correctly capabilities feature supported scan archive files ✅ scan base64 encoded data ✅ scan binaries ✅ auto resume ✅ include filter ✅ exclude filter ✅