Scanning in CI
You can use TruffleHog in CI to prevent secrets from being merged in Git.
If you use GitHub Actions, use the TruffleHog Enterprise Action on the marketplace and follow the instructions there.
Adjust the --since-commit value to match your default branch that people merge into.
You can run TruffleHog using the binary directly, or with Docker.
The first expected argument is the base reference, typically the main branch that you merge into, such as main or master. The second argument is the HEAD reference. If your branch is already checked out, you can simply use HEAD; otherwise, give a branch, tag, or commit reference.
TruffleHog will return a non-zero exit code if there are findings.
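A small CI gate around that invocation, added here as an example that is not part of the TruffleHog documentation or product: it assumes the scanner is invoked as `trufflehog-launcher git <base> <head>` as described above (override the binary with the TRUFFLEHOG_CMD variable, an assumption of this script), resolves both refs to full commit ids so that a shallow clone missing the base branch fails loudly instead of scanning the wrong range, and passes the scanner's non-zero exit status through to the job.

```shell
#!/bin/sh
# Added example (not TruffleHog's own code). Assumptions, as labelled:
#   - TRUFFLEHOG_CMD names the scanner (default: trufflehog-launcher),
#     invoked as "<cmd> git <base> <head>" as the page describes.
#   - Any non-zero exit from the scanner (findings or an error) blocks the merge.
TRUFFLEHOG_CMD="${TRUFFLEHOG_CMD:-trufflehog-launcher}"

# Resolve a ref to a full commit id. Fails when the ref is not present
# locally, which is common in shallow CI clones that never fetched the base branch.
resolve_ref() {
  git rev-parse --verify --quiet "$1^{commit}" 2>/dev/null
}

# Map the scanner's exit status to a one-word verdict for the job log.
scan_verdict() {
  case "$1" in
    0) echo "clean" ;;
    *) echo "blocked" ;;
  esac
}

# Scan the commits between BASE and HEAD and return the scanner's exit
# status unchanged, so the CI job fails exactly when the scanner does.
run_secret_scan() {
  base_ref="$1"; head_ref="${2:-HEAD}"
  if "$TRUFFLEHOG_CMD" git "$base_ref" "$head_ref"; then rc=0; else rc=$?; fi
  echo "secret scan ($base_ref..$head_ref): $(scan_verdict "$rc")" >&2
  return "$rc"
}

# Full gate: resolve both refs, then scan. Usage: ci_secret_gate main HEAD
ci_secret_gate() {
  base_sha=$(resolve_ref "$1") || { echo "base ref '$1' not found; fetch it first" >&2; return 2; }
  head_sha=$(resolve_ref "${2:-HEAD}") || { echo "head ref '${2:-HEAD}' not found" >&2; return 2; }
  run_secret_scan "$base_sha" "$head_sha"
}

# When run as a script with two arguments, act as the CI step itself.
if [ "$#" -ge 2 ]; then ci_secret_gate "$@"; fi
```

Fetch the base branch explicitly (for example `git fetch origin main`) before the gate runs in a shallow clone; otherwise resolve_ref rejects it and the job stops with exit status 2 rather than a misleading clean result.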
You can see all of the available flags for the trufflehog-launcher git command below:
That's all there is to it!