trufflehog3 2.0.6

Find secrets in your codebase.

truffleHog3

This is an enhanced version of truffleHog scanner

Important

TruffleHog 2.x is not backwards compatible with 1.x branch, see new trufflehog.yaml and Help

New

• Python 3.6
• flake8 compliant code
• output to file in different formats: text, JSON, YAML, HTML
• option to disable Git history checks - scan simple files/directories
• option to exclude files/directories, see trufflehog.yaml
• config file support with automatic detection in source code directory

Installation

Package is available on PyPI

pip install truffleHog3

Customizing

List of default regexes was moved into repository, see rules.yaml

Help

usage: trufflehog3 [options] source

Find secrets in your codebase.

positional arguments:
  source             URLs or paths to local folders for secret searching

optional arguments:
  -h, --help         show this help message and exit
  -v, --verbose      enable verbose logging {-v, -vv, -vvv}
  -c, --config       path to config file
  -o, --output       write report to file
  -f, --format       output format {text, json, yaml, html}
  -r, --rules        ignore default regexes and source from file
  -R, --render-html  render HTML report from JSON or YAML
  --branch           name of the repository branch to be scanned
  --since-commit     scan starting from a given commit hash
  --skip-strings     skip matching strings
  --skip-paths       skip paths matching regex
  --line-numbers     include line numbers in match
  --max-depth        max commit depth for searching
  --no-regex         disable high signal regex checks
  --no-entropy       disable entropy checks
  --no-history       disable commit history check
  --no-current       disable current status check

Thanks

Special thanks to Dylan Ayrey (@dxa4481), developer of the original truffleHog scanner