Scan data for secrets
Gerrit
Enterprise feature: This feature is only available with TruffleHog Enterprise. Contact us to learn more.

Source integration to Gerrit, the code review tool.

Configuration

TruffleHog will only scan what you have access to.

Web configuration

You can configure this integration via the web UI through the Integrations tab, or you can use a local configuration file as outlined below.

Local configuration

If you omit projects, all code projects that the credential can list and access will be scanned.

Basic auth

    sources:
    - connection:
        '@type': type.googleapis.com/sources.Gerrit
        endpoint: https://gerrit.example.com
        basicAuth:
          password: xxxxxxxxxxxxxxxxxxxxxxxxxx
          username: scanner-account
      name: gerrit
      scanPeriod: 12h
      type: SOURCE_TYPE_GERRIT
      verify: true

Unauthenticated

    sources:
    - connection:
        '@type': type.googleapis.com/sources.Gerrit
        endpoint: https://gerrit.example.com
        unauthenticated: {}
      name: gerrit
      scanPeriod: 12h
      type: SOURCE_TYPE_GERRIT
      verify: true

Options

    Key            Description                                          Required
    endpoint       The URL endpoint for the Gerrit service              Yes
    projects       The list of projects to scan; omit to enumerate      No
                   instead
    skipBinaries   If set to true, binary files will be skipped         No
    skipArchives   If set to true, binary files will be skipped         No

Capabilities

    Feature               Supported
    History               ✅
    Scan archive files    ✅
    Scan base64 encoded   ✅
    Scan binaries         ✅
    Exclude filter        ✅
    Auto resume           ✅

Notes

Does not scan diffs > 1 GB.

There is presently a known issue where an error is thrown when you attempt to clone multiple refs that cannot coexist on disk at the same time. Here is an anonymized example of this error as thrown for GitHub; it would look similar for Gerrit:

    "could not clone repo: https://git.xxxxx.com/xxxxx/thog.git, error executing git clone: exit status 128, fatal: cannot process 'refs/remotes/origin/release/21.22/test' and 'refs/remotes/origin/release/21.22' at the same time\n"

This happens with some particular ref configurations that are not common in repositories but occasionally exist. When the error is thrown, we skip over the repo causing it and begin scanning the next one.

There are workarounds that can attempt to scan the repos that throw this error, but they have two potential limitations. First, they may not be able to scan the entire repo. Second, they may require a manual step to run the scan. If you would like assistance establishing a workaround, please open a bug report here:

Report a bug
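To find out in advance which repositories the scanner would skip because of the ref conflict described in the notes, the following added example (not TruffleHog code) checks a ref listing for names where one ref is a directory prefix of another. It assumes input in `git ls-remote` format; the sample listing and the function names are constructed for illustration.

```python
"""Find ref pairs that cannot coexist on disk (one ref is a path prefix of another)."""

# Constructed sample in `git ls-remote` format: "<object id>\t<ref name>".
SAMPLE_LS_REMOTE = "\n".join([
    "1111111111111111111111111111111111111111\tHEAD",
    "1111111111111111111111111111111111111111\trefs/heads/main",
    "2222222222222222222222222222222222222222\trefs/heads/release/21.22",
    "3333333333333333333333333333333333333333\trefs/heads/release/21.22/test",
    "4444444444444444444444444444444444444444\trefs/heads/release/21.220",
    "5555555555555555555555555555555555555555\trefs/tags/v1.0",
    "6666666666666666666666666666666666666666\trefs/tags/v1.0^{}",
])


def parse_ls_remote(text):
    """Return ref names from ls-remote output, skipping HEAD and peeled tag lines."""
    refs = []
    for line in text.splitlines():
        parts = line.split("\t", 1)
        if len(parts) != 2:
            continue  # not an "<id>\t<ref>" line
        name = parts[1].strip()
        if name.startswith("refs/") and not name.endswith("^{}"):
            refs.append(name)
    return refs


def conflicting_refs(refs):
    """Return (parent, child) pairs where parent would need to be a file and a directory."""
    known = set(refs)
    conflicts = []
    for ref in sorted(known):
        parts = ref.split("/")
        # Compare every proper ancestor path of this ref against the known refs.
        # Matching on whole path components keeps "21.220" from matching "21.22".
        for i in range(1, len(parts)):
            ancestor = "/".join(parts[:i])
            if ancestor in known:
                conflicts.append((ancestor, ref))
    return conflicts


if __name__ == "__main__":
    for parent, child in conflicting_refs(parse_ls_remote(SAMPLE_LS_REMOTE)):
        print(f"conflict: {parent!r} cannot coexist with {child!r}")
```

Renaming or deleting one ref of each reported pair on the server removes the conflict, so the repository is no longer skipped for this reason.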