Dustin Decker

You might enjoy https://github.com/trufflesecurity/Trufflehog-Chrome-Extension for now. It doesn't support verification or all of the detectors but we have found some keys with it.

It appears that there is only a key id. Both a key id and a secret value are required for AWS credentials.

I am still not seeing the secret value in the repository, but you're probably seeing a limitation where the key id and the secret were added in different commits. Right...

Closing because we are already tracking requests for generic key detection, and are not adding it at this time.

The updater encountered a permission issue while trying to replace the binary. You can run with `--no-update` to get around that.

Shouldn't we use the TeeReader instead of copying to disk? https://stackoverflow.com/a/39792097/11976023

Approach 1 will be coming to our commercial offering of TruffleHog later this year. Some detectors do approach 2, especially if the service provider uses a subdomain per tenant. Here...

Hey there, we've just released the next major version of TruffleHog! It doesn't support ignoring strings, but this is a good feature request. It is a complete rewrite that scans...

That's pretty interesting, thank you for sharing. TruffleHog does not currently scan commit metadata.

Hey Marcelo, I don't think we will add this. It would be a very large effort for the amount of credentials that we cover. The source code is available for...