Buildkite

buildkite edition enterprise only the buildkite integration scans build logs and artifacts for credentials and other sensitive data configuration the buildkite integration can be configured in trufflehog under integrations , or via a local configuration file (below) web configuration configure this integration from the integrations page in trufflehog you'll need a buildkite api access token with graphql api access enabled and the following scopes organization access — read access to your buildkite organization read artifacts — read access to build artifacts read builds — read access to build metadata read build logs — read access to build log output read pipelines — read access to pipeline configuration tokens without graphql api access enabled will fail to authenticate even when the scopes are correct local configuration sources \ connection "@type" type googleapis com/sources buildkite \# token must have graphql api access enabled \# token requires organization access, read artifacts, \# read builds, read build logs, and read pipelines token xxxxxxxxxxxxxxxxxxxxxxxxxx name buildkite logs and artifacts scanperiod 12h type source type buildkite verify true configuration options field type required description token string yes a buildkite api access token with graphql api access enabled and the scopes listed above capabilities feature supported scan build logs ✅ scan archive files ✅ scan base64 encoded data ✅ scan binaries ✅ auto resume ✅ notes objects larger than 10 mb are not scanned include and exclude filters are not supported the scanner covers all builds, artifacts, and logs the token has access to