
Add severity for each finding

Open roisec opened this issue 11 months ago • 3 comments

Description: Add a severity level (e.g., Low, Medium, High, Critical) to each finding to help prioritize remediation efforts.

Preferred Solution: Include a severity field in the output based on the type of secret and its impact. Example: Critical/high/medium

Additional Context: This will improve triaging and integration with CI/CD pipelines.

roisec avatar Dec 19 '24 09:12 roisec

I like the idea, but I am thinking about on what basis TruffleHog will assign severity?

kashifkhan0771 avatar Dec 20 '24 07:12 kashifkhan0771

Based on the risk of the relevant secret

roisec avatar Dec 23 '24 13:12 roisec

Just to echo on this, I like this idea. It could be done based on Detector i.e. WorldWeather = Low. (Not saying this API key is a low risk if it's leaked, I haven't done enough research for that)

It doesn't have to be hardcoded into the detectors themselves, perhaps an option in the config file e.g.

```yaml
detector_severity:
  WorldWeather: low
  CustomRegex: critical
```

domwhewell-sage avatar Jan 31 '25 09:01 domwhewell-sage
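One way the config-driven mapping proposed above could be consumed, as an added example in Go (not trufflehog's own code): it parses the detector_severity block, rejects severities outside the set the issue lists, and tags findings, defaulting unmapped detectors to a configurable value instead of dropping them from triage. The DetectorName field name of trufflehog's JSON output is an assumption here.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

var validSeverity = map[string]bool{"low": true, "medium": true, "high": true, "critical": true} // names from the issue; others are rejected

// ParseDetectorSeverity reads "detector_severity:" (two-level YAML subset, hand-rolled) into a lower-cased map.
func ParseDetectorSeverity(cfg string) (map[string]string, error) {
	out, inBlock := map[string]string{}, false
	sc := bufio.NewScanner(strings.NewReader(cfg))
	for sc.Scan() {
		line := sc.Text()
		t := strings.TrimSpace(line)
		if t == "" || strings.HasPrefix(t, "#") {
			continue
		}
		if !strings.HasPrefix(line, " ") { // unindented key: enter or leave the block
			inBlock = t == "detector_severity:"
			continue
		}
		k, v, ok := strings.Cut(t, ":")
		sev := strings.ToLower(strings.TrimSpace(v))
		if inBlock && (!ok || !validSeverity[sev]) {
			return nil, fmt.Errorf("bad detector_severity entry: %q", line)
		}
		if inBlock {
			out[strings.ToLower(strings.TrimSpace(k))] = sev
		}
	}
	return out, sc.Err()
}

// Finding: subset of a trufflehog --json result (DetectorName field name assumed); Severity is the new field.
type Finding struct {
	DetectorName string `json:"DetectorName"`
	Severity     string `json:"Severity,omitempty"`
}

// Annotate fills Severity from the map; unmapped detectors get defaultSev so they still surface in triage.
func Annotate(f Finding, m map[string]string, defaultSev string) Finding {
	f.Severity = defaultSev
	if sev, ok := m[strings.ToLower(f.DetectorName)]; ok {
		f.Severity = sev
	}
	return f
}
```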