Scan data for secrets
Git
Open source feature: This feature is available in both TruffleHog open source and TruffleHog Enterprise!

Configuration

Web configuration

You can configure this integration via the web UI through the Integrations tab, or you can use a local configuration file as outlined below.

Source integration to Git, the version control system.

Local configuration

Basic auth

```yaml
sources:
- connection:
    '@type': type.googleapis.com/sources.Git
    basicAuth:
      password: clonepassword
      username: cloneuser
    excludePathsFile: /home/me/dev/exclude.txt
    includePathsFile: /home/me/dev/include.txt
    repositories:
    - https://github.com/dustin-decker/secretsandstuff.git
    skipBinaries: true
  name: git
  scanPeriod: 12h
  type: SOURCE_TYPE_GIT
  verify: true
```

SSH auth

```yaml
sources:
- connection:
    '@type': type.googleapis.com/sources.Git
    # SSH auth uses keys from your keychain
    sshAuth: {}
    excludePathsFile: /home/me/dev/exclude.txt
    includePathsFile: /home/me/dev/include.txt
    repositories:
    - ssh://github.com/dustin-decker/secretsandstuff.git
    skipBinaries: true
  name: git
  scanPeriod: 12h
  type: SOURCE_TYPE_GIT
  verify: true
```

Unauthenticated

```yaml
sources:
- connection:
    '@type': type.googleapis.com/sources.Git
    unauthenticated: {}
    directories:
    - /home/me/dev/vscode
    excludePathsFile: /home/me/dev/exclude.txt
    includePathsFile: /home/me/dev/include.txt
    repositories:
    - https://github.com/dustin-decker/secretsandstuff.git
    skipBinaries: true
  name: git
  scanPeriod: 12h
  type: SOURCE_TYPE_GIT
  verify: true
```

Options

| Key | Description | Required |
| --- | --- | --- |
| directories | Defines the directories to be scanned | No |
| repositories | Defines the repositories to be scanned | No |
| head | Specifies the head or branch | No |
| base | Specifies the base or branch | No |
| bare | Set to true if the repository is bare | No |
| includePathsFile | Path to file containing newline-separated list of paths to include in scan | No |
| excludePathsFile | Path to file containing newline-separated list of paths to exclude from scan | No |
| excludeGlobs | Comma-separated list of globs | No |
| maxDepth | Maximum depth of the repository to be scanned | No |
| skipBinaries | If set to true, binary files will be skipped | No |
| skipArchives | If set to true, archive files will be skipped | No |

Capabilities

| Feature | Supported |
| --- | --- |
| Scan archive files | ✅ |
| Scans base64 encoded data | ✅ |
| Scans binaries | ✅ |
| Exclude filter | ✅ |
| Include filter | ✅ |
| Pre-commit | ✅ |
| Pre-receive | ✅ |
| Scans history | ✅ |

Notes

TruffleHog does not scan diffs greater than 1 GB.

There is presently a known issue where, when you attempt to clone multiple refs that cannot coexist on disk at the same time, an error is thrown. Here is an anonymized example of this error thrown in GitHub, but it would look similar in Git:

"could not clone repo https://git.xxxxx.com/xxxxx/thog.git, error executing git clone exit status 128, fatal cannot process 'refs/remotes/origin/release/21 22/test' and 'refs/remotes/origin/release/21 22' at the same time\n"

This happens with some particular ref configurations that are not common in repositories, but occasionally exist. When it is thrown, we will skip over the repo causing this error and begin scanning the next one.

There are workarounds that can be implemented to attempt to scan the repos that throw this error, but they have 2 potential limitations. First, they may not be able to scan the entire repo. Second, they may require a manual step to run the scan. If you would like assistance establishing a workaround, please open a bug report.
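
Because a repository that hits the ref conflict described in the notes is skipped, it helps to know ahead of a scan which repositories are affected. The following is an added example, not TruffleHog code: it assumes its input is `git ls-remote` output, and the function names, object ids and ref names are constructed for illustration.

```python
"""Flag remote refs that cannot coexist as loose refs on disk (added example)."""
import sys


def parse_ls_remote(text):
    """Return ref names from `git ls-remote` output ('<object id>\\t<ref>' lines)."""
    names = []
    for line in text.splitlines():
        fields = line.rstrip().split("\t", 1)
        if len(fields) != 2 or not fields[1].startswith("refs/"):
            continue  # skips HEAD and malformed lines
        if fields[1].endswith("^{}"):
            continue  # peeled tag entry, not a ref of its own
        names.append(fields[1])
    return names


def find_ref_conflicts(ref_names):
    """Return sorted (parent, child) pairs where parent is a ref and also a
    directory component of child, e.g. 'release/1.0' and 'release/1.0/test'."""
    refs = set(ref_names)
    conflicts = set()
    for ref in refs:
        parts = ref.split("/")
        # Each proper path prefix of a ref must be a directory on disk,
        # so it cannot also be stored as a ref file.
        for i in range(1, len(parts)):
            prefix = "/".join(parts[:i])
            if prefix in refs:
                conflicts.add((prefix, ref))
    return sorted(conflicts)


_OID = "0" * 40  # constructed placeholder object id
SAMPLE_LS_REMOTE = "\n".join([  # constructed sample, not real output
    f"{_OID}\tHEAD",
    f"{_OID}\trefs/heads/main",
    f"{_OID}\trefs/heads/release/1.0",
    f"{_OID}\trefs/heads/release/1.0/test",
    f"{_OID}\trefs/heads/release-notes",
    f"{_OID}\trefs/tags/v1^{{}}",
])

if __name__ == "__main__":
    # Reads real `git ls-remote` output from stdin when piped, else the sample.
    data = SAMPLE_LS_REMOTE if sys.stdin.isatty() else sys.stdin.read()
    for parent, child in find_ref_conflicts(parse_ls_remote(data)):
        print(f"conflict: {parent} <-> {child}")
```

Any repository for which this reports a conflict should be tracked as a scan-coverage gap until one of the workarounds is in place.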