Scan data for secrets
Git
5min
open source feature this feature is available in both trufflehog open source and trufflehog enterprise! configuration web configuration you can configure this integration via the web ui through the integrations tab or you can use a local configuration file as outlined below source integration to git , the version control system local configuration basic auth sources \ connection '@type' type googleapis com/sources git basicauth password clonepassword username cloneuser excludepathsfile /home/me/dev/exclude txt includepathsfile /home/me/dev/include txt repositories \ https //github com/dustin decker/secretsandstuff git skipbinaries true name git scanperiod 12h type source type git verify true ssh auth sources \ connection '@type' type googleapis com/sources git \# ssh auth uses keys from your keychain sshauth {} excludepathsfile /home/me/dev/exclude txt includepathsfile /home/me/dev/include txt repositories \ ssh //github com/dustin decker/secretsandstuff git skipbinaries true name git scanperiod 12h type source type git verify true unauthenticated sources \ connection '@type' type googleapis com/sources git unauthenticated {} directories \ /home/me/dev/vscode excludepathsfile /home/me/dev/exclude txt includepathsfile /home/me/dev/include txt repositories \ https //github com/dustin decker/secretsandstuff git skipbinaries true name git scanperiod 12h type source type git verify true options key description required directories defines the directories to be scanned no repositories defines the repositories to be scanned no head specifies the head or branch no base specifies the base or branch no bare set to true if the repository is bare no includepathsfile path to file containing newline separated list of paths to include in scan no excludepathsfile path to file containing newline separated list of paths to exclude from scan no excludeglobs comma separated list of globs no maxdepth maximum depth of the repository to be scanned no skipbinaries if set to true, binary files will be skipped no skiparchives if set to true, archive files will be skipped no capabilities feature supported scan archive files ✅ scans base64 encoded data ✅ scans binaries ✅ exclude filter ✅ include filter ✅ pre commit ✅ pre receive ✅ scans history ✅ notes trufflehog does not scan diffs greater than 1 gb
