Git

git edition enterprise + open source the git integration scans git repositories and local directories for credentials and other sensitive data configuration the git integration can be configured in trufflehog under integrations , or via a local configuration file (below) web configuration configure this integration from the integrations page in trufflehog you'll need credentials appropriate to the repositories you want to scan — see the local configuration section below for the supported authentication methods local configuration local configuration supports three authentication methods basic authentication — uses a username and password (or token) for https clone access ssh authentication — uses ssh keys from your local keychain unauthenticated — for public repositories or local directories that don't require authentication basic authentication use this for https repositories that require username and password (or token) authentication sources \ connection "@type" type googleapis com/sources git basicauth username cloneuser password clonepassword repositories \ https //github com/dustin decker/secretsandstuff git includepathsfile /home/me/dev/include txt excludepathsfile /home/me/dev/exclude txt skipbinaries true name git scanperiod 12h type source type git verify true ssh authentication use this for repositories accessed via ssh ssh authentication uses keys from your local keychain sources \ connection "@type" type googleapis com/sources git sshauth {} repositories \ ssh //github com/dustin decker/secretsandstuff git includepathsfile /home/me/dev/include txt excludepathsfile /home/me/dev/exclude txt skipbinaries true name git scanperiod 12h type source type git verify true unauthenticated use this for public repositories or for scanning local directories that already contain git clones sources \ connection "@type" type googleapis com/sources git unauthenticated {} repositories \ https //github com/dustin decker/secretsandstuff git directories \ /home/me/dev/vscode includepathsfile /home/me/dev/include txt excludepathsfile /home/me/dev/exclude txt skipbinaries true name git scanperiod 12h type source type git verify true configuration options field type required description repositories list no list of remote repositories to clone and scan directories list no list of local directories containing existing git clones to scan head string no branch or commit to use as the head of the scan range base string no branch or commit to use as the base of the scan range bare boolean no set to true if the repository is bare maxdepth integer no maximum commit depth to scan includepathsfile string no path to a file containing newline separated paths to include in the scan excludepathsfile string no path to a file containing newline separated paths to exclude from the scan excludeglobs string no comma separated list of glob patterns to exclude from the scan skipbinaries boolean no skip binary files skiparchives boolean no skip archive files capabilities feature supported scan archive files ✅ scan base64 encoded data ✅ scan binaries ✅ scan history ✅ include / exclude filters ✅ pre commit ✅ pre receive ✅ notes trufflehog does not scan diffs larger than 1 gb troubleshooting error cause solution cannot process 'refs/remotes/origin/ ' and 'refs/remotes/origin/ ' at the same time repository contains refs that conflict on disk during clone (e g , a branch and a tag with overlapping paths) uncommon, but the scan will skip the affected repo and continue if you need to scan a repo that consistently throws this error, open a bug report for workaround guidance