Customizing TruffleHog
On-premise verification

3min
You can use Custom verifiers to set the endpoints for enterprise or non-publicly accessible instances. This will allow TruffleHog to verify secrets against those domains.
Custom verifiers should be set at the root level of the config.yaml file such that they apply globally. Custom verifiers can be configured in your config.yaml file under the customVerifiers field.
We currently support the following verifiers: github and gitlab
You can set the on-premise servers in the local config or on command line.
Example config
Each verifier can include one or more endpoints.
Basic auth
trufflehogAddress: <instance-name>.api.c1.prod.trufflehog.org:8443
trufflehogScannerGroup: <scanner-group-name>
trufflehogScannerToken: thog-agent-<token>
...
customVerifiers:
  - name: gitlab
    endpoints:
    - https://example.gitlab.com
  - name: github
    endpoints:
    - https://example.github.com
...
trufflehogAddress: <instance-name>.api.c1.prod.trufflehog.org:8443
trufflehogScannerGroup: <scanner-group-name>
trufflehogScannerToken: thog-agent-<token>
...
customVerifiers:
  - name: gitlab
    endpoints:
    - https://example.gitlab.com
  - name: github
    endpoints:
    - https://example.github.com
...
﻿
Customizing via command line
You can also set custom verifiers via our open source TruffleHog tool.
In the following example, we scan the currrent directory in our filesystem and pass-in two custom verifier endpoints for Github and one custom verifier endpoint for Gitlab.
trufflehog filesystem . --verifier github=example1.github.com,example2.github.com --verifier gitlab=example1.gitlab.com
﻿
Updated 28 May 2024
Did this page help you?
Customizing detection
Security and Compliance