Running the scanner
5 min
if youβve provided the configuration as a file, run the scanner with filepath provided /scanner scan config=path/to/config yaml π·ππ· trufflehog unearth your secrets π·ππ· resource requirements the trufflehog scanner supports concurrency by default, it uses a concurrency value that is equal to the number of cpu cores that you have the detection engine will fully utilize this concurrency, but only some source integrations support concurrency some source integrations that fetch data via apis, such as slack, jira, and confluence may have their throughput limited on the api server side and may not saturate your cpu minimum recommended requirements cpu 4 cores or more memory 16gb or more storage 10gb or more in the systemβs temporary directory see resource requirements docid\ t6 8om1ro0fnzyfobyzqe for more details cli flags \ debug, v enables debug mode, increasing verbosity of logs for detailed output useful in debugging activates a pprof server for application profiling during execution \ json formats the output as json \ run once executes the scan only once, making the program exit after a single scan instead of running and scanning periodically warning using this flag will prevent notifications being sent from local scanners \ fail verified returns a non zero exit code when verified secrets are found \ archive max size sets a limit on the size of archives to scan, taking a value representing the maximum size in bytes \ archive max depth limits how deeply nested archives are inspected accepts a value representing the maximum depth to scan \ archive timeout sets a limit on the time to spend extracting an archive accepts a duration value (e g , β5mβ for 5 minutes) note obtain a full list of commands and flags by running the ββhelpβ command /scanner help if youβve uploaded the configuration to a secrets management solution (recommended), run the scanner with the secret provided as a /scanner scan config="gsm //my gcp project/secret name" see credential management docid\ ggs4jc2 dmlmmwyxjymg8 for more information on loading configuration from your secret manager hosted scanner concurrency the trufflehog hosted scanner has a concurrency limit of 4 active hosted scanners at a given time if more than 4 hosted scanners are initiated, the 5th scanner and beyond will wait for space to be available this is for all hosted scanners across your organization overlapping scan durations if a currently running scan for a source does not complete before the next configured duration between scans (web app) or scanperiod (config file), the currently running scan will continue and no new scan will start
