Gerrit
Enterprise feature: This feature is only available with TruffleHog Enterprise. Contact us to learn more.
Source integration to Gerrit, the code review tool.
TruffleHog will only scan what you have access to.
If you omit `projects`, all projects that the credential can list and access will be scanned.
Authentication options: Basic auth or Unauthenticated. Basic auth configuration:

```yaml
sources:
- connection:
    '@type': type.googleapis.com/sources.Gerrit
    endpoint: https://gerrit.example.com
    basicAuth:
      password: XXXXXXXXXXXXXXXXXXXXXXXXXX
      username: scanner-account
  name: Gerrit
  scanPeriod: 12h
  type: SOURCE_TYPE_GERRIT
  verify: true
```
Key | Description | Required |
---|---|---|
endpoint | The URL endpoint for the Gerrit service | Yes |
projects | The list of projects to scan. Omit to enumerate instead. | No |
skipBinaries | If set to true, binary files will be skipped | No |
skipArchives | If set to true, archive files will be skipped | No |
Feature | Supported |
---|---|
History | ✅ |
Scan archive files | ✅ |
Scan base64 encoded | ✅ |
Scan binaries | ✅ |
Exclude Filter | ✅ |
Auto resume | ✅ |
Notes:
- Does not scan diffs > 1 GB.
- There is presently a known issue where an error is thrown when you attempt to clone multiple refs that cannot coexist on disk at the same time. Here is an anonymized example of this error thrown in GitHub, but it would look similar in Gerrit: "could not clone repo: https://git.xxxxx.com/xxxxx/thog.git, error executing git clone: exit status 128, fatal: cannot process 'refs/remotes/origin/release/21.22/test' and 'refs/remotes/origin/release/21.22' at the same time\n". This happens with some particular ref configurations that are not common in repositories, but occasionally exist. When it is thrown, we skip the repo causing the error and begin scanning the next one. Workarounds can be implemented to attempt to scan the repos that throw this error, but they have 2 potential limitations. First, they may not be able to scan the entire repo. Second, they may require a manual step to run the scan. If you would like assistance establishing a workaround, please open a bug report here: Report a Bug
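
A pre-flight check for the ref conflict described in the note above, as an added example that is not part of TruffleHog or of this page's original content. It reads `git ls-remote` output and reports ref pairs where one name is a path prefix of another, which tells you in advance which repositories a scan would skip. The function names and the sample refs are constructed for illustration.

```python
import subprocess

def parse_ls_remote(text):
    """Extract ref names from `git ls-remote` output ('<sha>\\t<ref>' per line)."""
    refs = []
    for line in text.splitlines():
        _, _, name = line.partition("\t")
        name = name.strip()
        # Skip HEAD and peeled-tag entries (refs/tags/x^{}); neither is a ref file.
        if name.startswith("refs/") and not name.endswith("^{}"):
            refs.append(name)
    return refs

def find_ref_conflicts(refs):
    """Return (shorter_ref, longer_ref) pairs where one ref is a path prefix of another.

    A loose ref is a file, so 'x/y' and 'x/y/z' would need 'x/y' to be both a
    file and a directory, which is why the two cannot coexist on disk.
    """
    names = set(refs)
    conflicts = []
    for ref in sorted(names):
        parts = ref.split("/")
        for i in range(1, len(parts)):
            prefix = "/".join(parts[:i])
            if prefix in names:
                conflicts.append((prefix, ref))
    return conflicts

def remote_ref_conflicts(url):
    """Run the check against a live remote (needs git and network access)."""
    out = subprocess.run(["git", "ls-remote", url], check=True,
                         capture_output=True, text=True).stdout
    return find_ref_conflicts(parse_ls_remote(out))

# Constructed sample of `git ls-remote` output, not taken from a real repository.
SAMPLE = "\n".join([
    "1111111111111111111111111111111111111111\tHEAD",
    "1111111111111111111111111111111111111111\trefs/heads/main",
    "2222222222222222222222222222222222222222\trefs/heads/release/21.22",
    "3333333333333333333333333333333333333333\trefs/heads/release/21.22/test",
    "4444444444444444444444444444444444444444\trefs/tags/v1.0",
    "5555555555555555555555555555555555555555\trefs/tags/v1.0^{}",
])

if __name__ == "__main__":
    for shorter, longer in find_ref_conflicts(parse_ls_remote(SAMPLE)):
        print(f"conflict: {shorter} <-> {longer}")
```

Repositories that report a conflict are the ones to track separately, since their contents will not be covered until a workaround is in place.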