Socket
Socket
Sign inDemoInstall

trufflehog3

Package Overview
Dependencies
0
Maintainers
1
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

trufflehog3

Find secrets in your codebase


Maintainers
1

Readme

Package Version Python Version Downloads Tests Code Coverage

trufflehog3

This is an enhanced version of the Python-based truffleHog scanner

report preview dekstop report preview mobile

Installation

Package is available on PyPI

pip install trufflehog3

Usage

Full API documentation is available at feeltheajf.github.io/trufflehog3.

You can always check available options by running

trufflehog3 --help

Here are some basic examples to get you started

# clone remote Git repository, scan 10 latest commits and output to stdout
$ trufflehog3 --depth 10 https://github.com/feeltheajf/trufflehog3

# disable Git history search, scan current directory and save report as JSON
$ trufflehog3 --no-history --format json --output report.json

# render HTML report from JSON
$ trufflehog3 -R report.json --output report.html

New

v3 was heavily updated both under the hood and from API perspective. See below for more details on new features.

Automatic Config Detection

.trufflehog3.yml is automatically detected in the root of the scanned directory. However, you can still specify custom path using -c/--config CLI argument. Do not forget to check out the updated .trufflehog3.yml config file format.

HTML Reports

HTML reports are now much prettier and more useful than ever. You can filter out specific rules or paths on the fly without fiddling with raw data. Have a look at a sample HTML report and try it on your own.

Inline Exclude

Inline nosecret comments are now supported for excluding false positives

# skip all rules
password = ""  # nosecret

# only skip rule with specific id
password = ""  # nosecret: generic.password

If for some reason you would like to avoid such behavior, there is a new --ignore-nosecret CLI flag which will tell trufflehog3 to ignore all inline comments.

Incremental Scan

You can now run an incremental scan by specifying the path to the baseline JSON report as -i/--incremental CLI argument. In this case, only the new issues compared to the baseline will be reported.

Multiprocessing

Multiprocessing support allows for much faster scans. You can alter the number of processes using -p/--processes CLI argument.

Thanks

Special thanks to Dylan Ayrey (@dxa4481), developer of the original truffleHog scanner

Contributors

FAQs


Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc