TruffleHog

TruffleHog is an open-source secret scanning engine that detects and helps resolve exposed secrets across your entire tech stack.

🚀 Usage

Add the following command to your CI configuration file:

fluentci run --wasm trufflehog github --repo=https://github.com/dustin-decker/secretsandstuff --fail

Commands

Name           Description
setup          Install TruffleHog
git            Find credentials in git repositories
github         Find credentials in GitHub repositories
gitlab         Find credentials in GitLab repositories
filesystem     Find credentials in the filesystem
s3             Find credentials in AWS S3 buckets
gcs            Find credentials in Google Cloud Storage buckets
syslog         Scan syslog
circleci       Scan CircleCI
docker         Scan Docker Image
travisci       Scan TravisCI
postman        Scan Postman
jenkins        Scan Jenkins
elasticsearch  Scan Elasticsearch
huggingface    Scan Hugging Face

Code examples

Add fluentci-pdk crate to your Cargo.toml:

[dependencies]
fluentci-pdk = "0.2.1"

Use the following code to call a module function:

use fluentci_pdk::dag;

// ...

dag().call(
    "https://pkg.fluentci.io/[email protected]?wasm=1",
    "github",
    vec!["--repo=https://github.com/dustin-decker/secretsandstuff", "--fail"],
);

CI/CD integrations

The following examples show how to integrate FluentCI with popular CI providers to scan for exposed secrets using TruffleHog:

ci.yml
name: ci
on:
  push:
    branches:
      - main
jobs:
  tasks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Setup Fluent CI
        uses: fluentci-io/setup-fluentci@v5
        with:
          wasm: true
          plugin: trufflehog
          args: |
            github --repo=https://github.com/dustin-decker/secretsandstuff --fail