Dustin Decker
Thanks for digging into this. I think it's reasonable to remove from that detectors that use UUIDs, but also 0-9 should be removed from the badlist data.
Closed by https://github.com/trufflesecurity/trufflehog/pull/2351. I know that's not the most holistic improvement. This should become more configurable in the future.
Thank you for surfacing this issue. I think option 1 that @nyanshak proposed would be preferred. A PR would definitely be appreciated.
Thanks @ManQuiche, that's really great.
Hey @ManQuiche, any new updates on this change?
Yes, please upload what you have. You can upload a draft PR if you'd like. We can take a look at what it will take to finish it up.
Could you provide the secret type that you observed this issue with?
Go-git is pretty memory hungry for large repos. The concurrency controls how many repositories are scanned concurrently for git. We're looking into removing the go-git dependency to improve the memory...
Could you see if this has improved in the latest release (v3.25.3+)? https://github.com/trufflesecurity/trufflehog/pull/1035 may have helped.
`principal-aaas` is actually a user, but it should still work. TruffleHog first tries to enumerate the org and should fall back to the user. It works with my username, which...