Scott Bailey
Scott Bailey
**Describe the bug** I was just reviewing a run log for one of our nontrivial AWS accounts, and got pages and pages of this: ``` | 2022-01-25T07:11:16.883-05:00 | 2022-01-25 12:11:16...
# Description The existing regexes used for AWS user data secrets are prone to false positives because they match strings which might be substrings of longer, innocuous strings. "Secret Access...
**Describe the bug** "Potential Secret in Instance User Data" is easily triggered by innocuous strings that clearly are not actual secrets. **To Reproduce** In the case of "AWS Secret Access...
To help us get this pull request reviewed and merged quickly, please be sure to include the following items: * [ ] Tests (if applicable) * [ ] Documentation (if...
## 🐛 Bug Report It's well-established that tartufo will examine configuration files in the target repository in order to parameterize a scan, but it is not possible to specify what...
## 🐛 Bug Report Tartufo does not scan commits that are not reachable from a currently existing branch. ## To Reproduce ```bash $ python tartufo/__main__.py --output-format compact --no-entropy scan-remote-repo https://mysite/my-tartufo-test...
## Feature Request Currently, per-issue files (created using `--output-dir`) have non-deterministic names based on generated UUIDs. I suggest that we name these files using the issue hash instead. This would...
## Feature Request ## Is your feature request related to a problem? Please describe. tartufo will not detect Linux passwords that have been hashed using many common algorithms. These may...
## Feature Request ## Is your feature request related to a problem? Please describe. Presently, we are trying to steer people towards exclusion patterns like `uses:(.*)@[a-zA-Z0-9]{40}$` -- however, that may...
To help us get this pull request reviewed and merged quickly, please be sure to include the following items: * [ ] Tests (if applicable) * [ ] Documentation (if...