# GitHub Real-time
This integration scans GitHub push events in real time.

> This experimental integration is in early access for select TruffleHog Enterprise customers. If you are interested in trying it out, please reach out to your customer success manager. Because this integration is experimental, its interface and functionality may change.

## Configuration options

### Web configuration

Web configuration is not available for this source.

### Local configuration

GitHub Real-time requires configuration in two places:

1. The TruffleHog configuration YAML file (like any other source integration)
2. GitHub itself, to enable the sending of push events to TruffleHog

The YAML configuration contains GitHub authentication information. Most of this configuration is identical to that of [GitHub](docid\ laattwrhgroszrxw3ump); see that documentation section for details not covered here. Like GitHub, GitHub Real-time supports both token-based authentication and GitHub App authentication.

#### Access token

```yaml
sources:
  - connection:
      '@type': type.googleapis.com/sources.GitHubRealtime
      webhookSecret: xxxxx
      token: xxxxxxxxxxxxxxxxxxxxxxxxxx
    name: GitHub Real-time
    type: SOURCE_TYPE_GITHUB_REALTIME
    verify: true
```

#### GitHub App

```yaml
sources:
  - connection:
      '@type': type.googleapis.com/sources.GitHubRealtime
      webhookSecret: xxxxx
      githubApp:
        installationId: xxxxx
        appId: xxxxx
        privateKey: |
          -----BEGIN RSA PRIVATE KEY-----
          xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
          -----END RSA PRIVATE KEY-----
    name: GitHub Real-time
    type: SOURCE_TYPE_GITHUB_REALTIME
    verify: true
```

| Key | Description | Required |
| --- | --- | --- |
| `webhookSecret` | Secret shared with GitHub that is used to validate push event deliveries | Yes |

### Configuring GitHub to send push events

In addition to configuring TruffleHog to receive push events, you must configure a GitHub [webhook](https://docs.github.com/en/webhooks/using-webhooks/creating-webhooks) to send them. Webhooks can be configured for [repositories](https://docs.github.com/en/webhooks/using-webhooks/creating-webhooks#creating-a-repository-webhook), [organizations](https://docs.github.com/en/webhooks/using-webhooks/creating-webhooks#creating-an-organization-webhook), or [GitHub Apps](https://docs.github.com/en/webhooks/using-webhooks/creating-webhooks#creating-webhooks-for-a-github-app). Configure your webhook as follows:

- **Payload URL**: `https://<your TruffleHog domain>/sources/github/webhook`
- **Content type**: `application/json`
- **Which events**: just the `push` event
- **Secret**: any high-entropy value you [generate](https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries#creating-a-secret-token). Copy this secret into the TruffleHog configuration YAML as `webhookSecret`. This is a sensitive value, so store it the same way you store other sensitive values in your configuration YAML.

A single GitHub Real-time integration can accept push events from multiple webhooks. These webhooks can be of different types (e.g. you could set up two repository webhooks and one organization webhook), but they must share a secret. The integration's configured credentials must have access to every repository that sends push events to it. You can use GitHub App authentication when using repository or organization webhooks, and you can use GitHub token authentication when using GitHub App webhooks.

If you configure multiple GitHub Real-time integrations, ensure that they have the same name. If they do, scanning work will be distributed across them. If they have different names, they will each scan every event, uselessly duplicating work.

## Capabilities

| Feature | Supported |
| --- | --- |
| Scan archive files | ✅ |
| Scan archived repositories | N/A |
| Scan base64 encoded data | ✅ |
| Scan binaries | ✅ |
| Comments | ❌ |
| Gists | ✅ |
| Include/exclude filter | ❌ |
| Forks | ✅ |
| History | ✅ |
| Pre-commit | N/A |
| Pre-receive | N/A |
| Real-time scanning | ✅ |
| Auto-resume | N/A |
| Scan in Continuous Integration (CI) | N/A |

## Notes

- TruffleHog will only scan the first 2048 commits in each push event. The rest will be skipped.
- GitHub will not send push events in certain (uncommon) circumstances; see the [push event documentation](https://docs.github.com/en/webhooks/webhook-events-and-payloads#push) for details.
- If a scanner with a configured GitHub Real-time integration is stopped and resumed within seven days, it will scan each push event that occurred while it was stopped. If the scanner stays stopped for more than seven days, all of the interim events will be ignored.
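The following is an added example, not code from TruffleHog, that models what the shared `webhookSecret` is for and what the 2048-commit note above means in practice. It follows GitHub's documented delivery validation (the `X-Hub-Signature-256` header carries `sha256=` plus a hex HMAC-SHA256 of the raw request body under the webhook secret, and `X-GitHub-Event` names the event), compares the MAC in constant time, drops anything that is not a push, and applies the commit cap to a constructed payload. It is written in Go only because TruffleHog is a Go project; the function names, the `syntheticPush` test payload and the generated secret are this example's own inventions, and nothing here reflects how the Enterprise integration is actually implemented.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// maxCommitsPerPush mirrors the note on this page: only the first 2048 commits
// of a push event are scanned; the rest are skipped.
const maxCommitsPerPush = 2048

// newWebhookSecret returns 32 random bytes as hex: a high-entropy value to paste
// into the GitHub webhook "Secret" field and the webhookSecret key of the YAML.
// Every webhook feeding one integration must be given this same value.
func newWebhookSecret() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// signPayload computes what GitHub sends in X-Hub-Signature-256:
// "sha256=" followed by hex(HMAC-SHA256(secret, raw request body)).
func signPayload(secret string, body []byte) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// verifySignature checks a delivery against the shared secret. The MAC is taken
// over the raw body (never a re-serialised copy) and compared in constant time.
func verifySignature(secret string, body []byte, header string) bool {
	if !strings.HasPrefix(header, "sha256=") {
		return false
	}
	return hmac.Equal([]byte(signPayload(secret, body)), []byte(header))
}

// pushEvent holds the one part of a push payload this example uses.
type pushEvent struct {
	Commits []struct {
		ID string `json:"id"`
	} `json:"commits"`
}

// commitsToScan parses a verified push payload and returns the commit IDs that
// would be scanned, applying the cap; skipped is how many fell past it.
func commitsToScan(body []byte) (ids []string, skipped int, err error) {
	var ev pushEvent
	if err := json.Unmarshal(body, &ev); err != nil {
		return nil, 0, err
	}
	for i, c := range ev.Commits {
		if i >= maxCommitsPerPush {
			skipped = len(ev.Commits) - maxCommitsPerPush
			break
		}
		ids = append(ids, c.ID)
	}
	return ids, skipped, nil
}

// handleDelivery rejects anything that is not a correctly signed push event,
// then extracts the commits. eventType is the X-GitHub-Event header value.
func handleDelivery(secret, eventType, signature string, body []byte) ([]string, int, error) {
	if !verifySignature(secret, body, signature) {
		return nil, 0, errors.New("signature mismatch: webhook secret differs from webhookSecret")
	}
	if eventType != "push" {
		return nil, 0, fmt.Errorf("ignoring %q event: only push is subscribed", eventType)
	}
	return commitsToScan(body)
}

// syntheticPush builds a constructed push payload with n commits (test data,
// not a real GitHub delivery), keeping only the keys this example reads.
func syntheticPush(n int) []byte {
	commits := make([]map[string]string, n)
	for i := range commits {
		commits[i] = map[string]string{"id": fmt.Sprintf("%040x", i)}
	}
	body, _ := json.Marshal(map[string]interface{}{"ref": "refs/heads/main", "commits": commits})
	return body
}

func main() {
	secret, _ := newWebhookSecret()
	fmt.Println("webhookSecret for the YAML and the GitHub webhook form:", secret)
	body := syntheticPush(2050)
	sig := signPayload(secret, body) // what GitHub would put in X-Hub-Signature-256
	ids, skipped, err := handleDelivery(secret, "push", sig, body)
	fmt.Printf("scanned %d commits, skipped %d, err=%v\n", len(ids), skipped, err)
	_, _, err = handleDelivery("a-different-secret", "push", sig, body)
	fmt.Println("webhook configured with a different secret:", err)
}
```

The second `handleDelivery` call shows the failure mode of the "must share a secret" rule: a webhook created with a secret other than `webhookSecret` produces deliveries whose MAC never matches, so they are rejected before the payload is even parsed.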


