-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding the capability for scanning a directory #37
Conversation
Wonder why this is still not merged :| Would make multi-tool wrappers implementation so much better. Right now I'm cloning a repo and scan it with multiple tools and all except for truffleHog assume I've scanned a repo myself. Have to let truffleHog clone again to be able to use it as is (without forking) which is a total pita. |
@ddnomad Have you considered https://github.com/anshumanbh/git-all-secrets? |
@anshumanbh Yep, that was a very first candidate. Sadly scanning to be done both on premises and locally and I'm not sure your tool supports it. |
Sorry, been busy with a defcon talk and other life stuff, I'll carve out some time to go through the PR backlog soon |
Any movement on this? Would love to see this functionality. |
Hey @dxa4481 could you review this PR, I have a use-case where directory scanning is involved and not a git repo. If you need to any help, I would love to take this up. |
Bump on this. 🎉 |
I've also a use for this functionality & I'm willing to put effort to get this working. |
Hate to bump this but any updates? |
Fwiw, I've been using this fork: https://github.com/feeltheajf/truffleHog3 |
@dxa4481 need this as well. :) |
Any news? Really nice feature to have... |
Runako Godfrey seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
Hey there, we've just released the next major version of TruffleHog! It includes filesystem scanning! It is a complete rewrite that scans more data sources and now supports detecting and verifying over 600 credentials. https://trufflesecurity.com/blog/introducing-trufflehog-v3 We're no longer maintaining v2 so I am closing this PR. |
This PR adds the capability for truffleHog to recursively scan a directory instead of a Git repository with all its history. This can be useful in CI pipelines or other situations where it is desirable to scan the codebase at a single point in time. Additionally, it can also be used to scan code that is not stored in Git.
I've done some minor refactoring to the existing scanning code to reduce code duplication.