Trufflehog v3+ JSON format not supported
DefectDojo currently has two parsers for "Trufflehog":
The first parser works for the old JSON format for Trufflehog. This output format can be generated by the latest version of Trufflehog with the --json-legacy flag.
According to #3935, the second parser is meant to support truffleHog3, a fork / enhanced version of the initial Trufflehog.
Version 3.0+ of the original Trufflehog introduces a new JSON format that is currently unsupported by DefectDojo. This output format can be generated by the latest version of Trufflehog with the --json flag. Support for this format is essential because it is the only output format supported by Trufflehog for non-git data sources.
The choice of the names for the second parser is also unfortunate because it leads to confusion over whether it is meant for Trufflehog v3+ or truffleHog3.
I would be happy to contribute support for the new JSON format but would like to open up discussions over cleaning up the naming confusion for the different parsers first.
@damiencarol Thoughts?
What a mess. My understanding is it's 2 different projects that share the same name. How unfortunate. I think @Maffooch did an excellent job in #6937 to solve this issue by adding accurate descriptions for both parsers.
@damiencarol Requesting to reopen this because #6937 doesn't add full support for the v3+ JSON. The latest version of Trufflehog adds support for collectors like the filesystem one that does not contain the git commit information that the current code expects is there.
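An added example, not part of the thread and not DefectDojo's parser code: a sketch of reading Trufflehog v3 `--json` output without assuming git metadata, which is the failure mode described in the comment above. The field names (`SourceMetadata`, `Data`, `Git`, `Filesystem`, `DetectorName`, `Verified`, `Redacted`) are assumptions about the v3 output that are not shown on this page, and the sample records are constructed.

```python
import json

# Constructed sample records (not real scan output): one git, one filesystem.
SAMPLE = "\n".join([
    json.dumps({"SourceMetadata": {"Data": {"Git": {
        "commit": "0123abcd", "file": "config/settings.py", "line": 12}}},
        "DetectorName": "AWS", "Verified": False,
        "Redacted": "AKIA************"}),
    json.dumps({"SourceMetadata": {"Data": {"Filesystem": {
        "file": "/srv/app/.env"}}},
        "DetectorName": "URI", "Verified": True,
        "Redacted": "https://********@example.invalid"}),
])

def parse_findings(text):
    """Parse newline-delimited JSON, one finding per line.

    Git-only keys such as 'commit' are optional, so records from
    non-git sources are kept instead of raising KeyError.
    """
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate non-JSON lines mixed into the output
        if not isinstance(record, dict):
            continue
        data = (record.get("SourceMetadata") or {}).get("Data") or {}
        if not data:
            continue
        # Assumption: exactly one source key (e.g. "Git", "Filesystem").
        source, meta = next(iter(data.items()))
        meta = meta or {}
        findings.append({
            "source": source,
            "detector": record.get("DetectorName"),
            "verified": bool(record.get("Verified")),
            "file": meta.get("file"),
            "line": meta.get("line"),      # may be absent
            "commit": meta.get("commit"),  # None for non-git sources
            # Store the redacted form so the secret is not copied again.
            "evidence": record.get("Redacted"),
        })
    return findings

if __name__ == "__main__":
    for finding in parse_findings(SAMPLE):
        print(finding)
```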
@Ayrx Mmm. Better to open a new issue. I hope the format doesn't change too much. I can take a look if you open a new issue.