Gerrit

Enterprise feature: This feature is only available with TruffleHog Enterprise. Contact us to learn more.



Source integration for Gerrit, the code review tool.

Configuration

TruffleHog will only scan what you have access to.

Web configuration

You can configure this integration via the web UI through the integrations tab or you can use a local configuration file as outlined below.



Local configuration

If you omit projects, all code projects that the credential can list and access will be scanned.

Basic auth
Unauthenticated


Options

| Key | Description | Required |
| --- | --- | --- |
| endpoint | The URL endpoint for the Gerrit service | Yes |
| projects | The list of projects to scan. Omit to enumerate instead. | No |
| skipBinaries | If set to true, binary files will be skipped | No |
| skipArchives | If set to true, archive files will be skipped | No |

Capabilities

Feature

Supported

History

Scan archive files

Scan base64 encoded

Scan binaries

Exclude Filter

Auto resume

Notes:

  • Does not scan diffs > 1 GB.
  • There is presently a known issue where an error is thrown when you attempt to clone multiple refs that cannot coexist on disk at the same time. Here is an anonymized example of this error as thrown in GitHub; it would look similar in Gerrit: "could not clone repo: https://git.xxxxx.com/xxxxx/thog.git, error executing git clone: exit status 128, fatal: cannot process 'refs/remotes/origin/release/21.22/test' and 'refs/remotes/origin/release/21.22' at the same time\n". This happens with particular ref configurations that are not common in repositories but occasionally exist. When the error is thrown, we skip the repo that caused it and begin scanning the next one. Workarounds can be implemented to attempt to scan the repos that throw this error, but they have 2 potential limitations. First, they may not be able to scan the entire repo. Second, they may require a manual step to run the scan. If you would like assistance establishing a workaround, please open a bug report here: Report a Bug
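
A skipped repo is a gap in scan coverage, so it helps to know in advance which repos have refs of the kind shown in the error above. The following is an added example, not part of TruffleHog: it flags ref names where one ref is also a path prefix of another, which git cannot store as loose refs because the same name would have to be both a file and a directory. The function names are hypothetical and the sample `git ls-remote` output is constructed.

```python
"""Added example: flag ref names that cannot coexist as loose refs on disk."""


def parse_ls_remote(text):
    """Return ref names from `git ls-remote` output (lines of '<sha>\\t<ref>')."""
    refs = []
    for line in text.splitlines():
        parts = line.split("\t", 1)
        if len(parts) == 2 and parts[1].startswith("refs/"):
            refs.append(parts[1].strip())
    return refs


def find_ref_conflicts(refs):
    """Return (parent, child) pairs where `parent` is itself a ref and also a
    directory prefix of `child`, e.g. release/21.22 and release/21.22/test."""
    names = set(refs)
    conflicts = []
    for ref in sorted(names):
        parts = ref.split("/")
        # Compare every proper path prefix of this ref against the ref set.
        # Matching on whole path components keeps release/21.220 from being
        # mistaken for a child of release/21.22.
        for i in range(1, len(parts)):
            prefix = "/".join(parts[:i])
            if prefix in names:
                conflicts.append((prefix, ref))
    return conflicts


# Constructed sample resembling `git ls-remote --heads <url>` output.
SAMPLE = (
    "1111111111111111111111111111111111111111\trefs/heads/main\n"
    "2222222222222222222222222222222222222222\trefs/heads/release/21.22\n"
    "3333333333333333333333333333333333333333\trefs/heads/release/21.22/test\n"
    "4444444444444444444444444444444444444444\trefs/heads/release/21.220\n"
)

if __name__ == "__main__":
    for parent, child in find_ref_conflicts(parse_ls_remote(SAMPLE)):
        print(f"conflict: {parent!r} cannot coexist with {child!r}")
```

Repos reported by this check are the ones to track separately until they have been scanned through a workaround.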