trufflehog icon indicating copy to clipboard operation
trufflehog copied to clipboard

Published 20 hours ago verified publisher icon trufflesecurity

Added Onfido API Token detector

Open lucasan1 opened this issue 1 year ago • 2 comments

Description:

Add Onfido API Token detector to recognize this type of secrets. Documentation on API token can be found here: https://documentation.onfido.com/api/latest/#api-tokens.

Note that Onfido is a GitHub secret scanning partner and those tokens are detected by the built-in GitHub scanner.

Test

Tested in local, it worked fine for both non verified and verified detection. To test the former, it's possible to use this repo which is an official GitHub secret scanning test repository, to test the latter please reach out to me as i can generate valid API tokens to validate.

Cli command: ./trufflehog git https://github.com/dry-runs-test/test-new-repo-2/ --include-detectors=onfido

lucasan1 avatar Sep 02 '24 10:09 lucasan1

Hello @zricethezav , apologize for pinging you directly, the code works and is ready, may i ask you to double check and approve? Thank you and have a good day

lucasan1 avatar Sep 25 '24 12:09 lucasan1

@lucasan1 can you please resolve the conflicts and update the PR?

kashifkhan0771 avatar May 15 '25 10:05 kashifkhan0771