The Azure Repos integration scans repositories in Azure DevOps for credentials and other sensitive data.

The Azure Repos integration can be configured in TruffleHog under 

, or via a local configuration file (below).

 page in TruffleHog. You'll need a personal access token (PAT) from Azure DevOps with the 

 icon in the top right next to your profile picture.

Name the token, select an organization, and choose 

When specifying organizations, projects, and repositories, keep in mind:

The hierarchy is organizations > projects > repositories. Projects must belong to specified organizations, and repositories must belong to specified projects.

Specifying only organizations scans all their projects. Specifying only projects scans all their repositories.

Ignore filters always override include filters, for both projects and repositories.

sources:
  - connection:
      "@type": type.googleapis.com/sources.AzureRepos
      organizations:
        - trufflesecurity
      ignoreProjects:
        - Project2
      ignoreRepos:
        - https://dev.azure.com/trufflesecurity/IgnoreRepo
      includeForks: false
      skipBinaries: true
      token: XXXXXXXXXXXXXXXXXXXXXXXXXX
    name: Azure Repos
    scanPeriod: 12h
    type: SOURCE_TYPE_AZURE_REPOS
    verify: true

TruffleHog does not scan diffs larger than 1 GB.

Only cloud-hosted Azure Repos are supported. Self-hosted Azure DevOps Server is not scannable.

Learn how to configure Azure Repos for scanning using a personal access token (PAT). Discover the various configuration options available, including the ability to specify organizations, projects, and repositories.

AWS S3

Azure Repos (cloud)

source

Bitbucket

TruffleHog Docs

Choose your adventure

Configuring a scanner

Hosted Scanner deployment

Creating a scanner

Configuring a self-hosted scanner

Self-Hosted Deployment Guide

Linux Host

Docker

Helm Chart

Kubernetes Manifest

Resource requirements

Configuration file reference

Credential management

Running the scanner

Self-Hosted Scanner deployment

TruffleHog Enterprise - Getting started

Artifactory

Buildkite

CircleCI

Confluence

Filesystem

Gerrit

GitLab

GitHub Real-time

GitHub

Google Cloud Storage (GCS)

Google Drive Domain-Wide Delegation (DWD)

Google Drive

Jenkins

Jira

Microsoft Sharepoint

Microsoft Teams

Postman

Slack

Vector

Reverify secrets

Verification caching

Scan for secrets

Self-discovery analyzers

GCP analyze

Analyze secrets

Email

Multi-project ticket synchronization

Splunk

Stdout

Webhook

Notify results

Shared Secrets

Scanning in CI

Pre-commit hooks

Pre-receive hooks

Block secrets from leaking

Custom detectors

Customizing detection

On-premise verification

Customizing detectors

Customizing TruffleHog

User Enablement Guide

Exported Secrets Column Definitions

Resource Hub

Architecture

Dynamic Role-Based Access Control (RBAC)

Authentication

Compliance

Data flow

How we handle your data

Security and Compliance

Secret Management Best Practices

Terminology

2026 April

2026 March

2026 January

2025 December

2025 November

2025 October

2025 September

2025 August

2025 July

2025 June

2025 May

TruffleHog Release Notes