Google Drive

enterprise feature this feature is only available with trufflehog enterprise contact us to learn more beta feature beta features are in development they may contain bugs general information the google drive scanner is available under "integrations" in the webapp to access, click on integrations > add integration > source > google drive currently, each integration can only be configured to scan a single google drive account if you want to scan multiple google drives, you will need to create separate integrations for each account however, we plan to enhance this capability in the future, allowing multiple drives across an organization to be scanned from a single integration permissions during the initial setup of the google drive integration, you will need to sign in with the account to be scanned and grant the web app the https //www googleapis com/auth/drive readonly permission this scope allows truffle to search what files are available via google drive to the account download the files to perform scanning for secrets (all files are downloaded and scanned in memory and no content is stored) see the names and emails of individuals associated with those files in order to make attributions in the event secrets are found configuration options web configuration please note our current version will only scan files accessible by the account used to create the integration this means files owned by the account and files shared with the account with the “viewers and commenters can see the option to download, print, and copy” option set (usually on by default in the file sharing settings) if your administrator has not whitelisted truffle’s app, you will most likely come across a screen with the following message “google hasn’t verified this app” you will then need to click through advanced > go to trufflehog org (unsafe) which will lead to the page for accepting permissions note if you are an admin, we have added instructions below on how to whitelist the truffle webapp once you have allowed truffle access, you will be redirected back to the configuration screen please name your integration and set the duration between scans by default they are set at 12 hour intervals \[for admins] how to allowlist truffle webapp (optional) go to the google admin panel and search for “api controls” it should appear under security > access and data control > api controls then go to manage third party app access if you have added the truffle integration once while unverified, the app should appear on the list with “access” set to “not configured” check the box next to the truffle app and click “change access” note if it does not appear on the list, check “view list” under “accessed apps” if you have not run the app once while unverified, that may also be required for it to appear under scope, click “include organizational units” and add the origanizational units for whom you would like the app to be allowlist and click select under “access to google data” select “trusted” and click next once you’ve reviewed the changes, click change access you should now be all set, and the app should no longer prompt the “unverified” screen during integration setup local configuration local configuration is not supported for google drive scanning capabilities feature supported scan archive files ✅ scan attachments ✅ scan base64 encoded data ✅ scan binaries ✅ scan microsoft office files ✅ scan comments ✅ scan drafts ❌ scan files in trash ✅ auto resume ✅ notes files over 1gb in size are not scanned only files that the authorizing user has access to are scanned (including shared files)