Scan data for secrets
Azure Repos (cloud)
7 min
enterprise feature this feature is only available with trufflehog enterprise contact us to learn more beta feature beta features are in development they may contain bugs configuration options web configuration you can configure this integration via the web ui through the integrations tab or you can use a local configuration file as outlined below local configuration azure repos can currently be scanned using a personal access token (pat) to create a pat, follow these steps go to your azure devops account and click on the “user settings” icon in the top right corner next to your profile picture click on “personal access tokens” click on “new token” enter a name for the token, select an organization and select the “custom defined” option then, select the “code (read)” scope click on “create” when providing organizations, projects and repositories in the config, please take note of the following at least one organization is required hierarchy organizations > projects > repositories ensure projects are from specified organizations, and repositories are from specified projects specifying only “organizations” will result in scanning all their projects specifying only “projects” will scan all their repositories the “ignore” filter always overrides the “include” filter, applicable to both “projects” and “repositories” access token sources \ connection '@type' type googleapis com/sources azurerepos ignoreprojects \ project2 ignorerepos \ https //dev azure com/trufflescurity/ignorerepo includeforks false skipbinaries true token xxxxxxxxxxxxxxxxxxxxxxxxxx name azure repos scanperiod 12h type source type azure repos verify true options key description required endpoint endpoint url for the azure repos no repositories list of repositories in azure repos omit to enumerate instead no organizations list of organizations in azure repos omit to enumerate instead no projects list of projects in azure repos no includeforks flag to include/exclude repos no ignorerepos list of repositories to exclude from search no includerepos list of repositories to include in search no includeprojects list of projects to include no ignoreprojects list of projects to ignore no skipbinaries flag to skip binaries from scanning no skiparchives flag to skip archives from scanning no capabilities feature supported scan archive files ✅ scan archive repo ✅ scan base64 encoded data ✅ scan binaries ✅ history ✅ include filter ✅ exclude filter ✅ pre commit ✅ auto resume ✅ notes trufflehog doesn't scan diffs larger than 1 gb only cloud hosted azure repos are scannable trufflehog cannot scan self hosted azure devops servers
