trufflehog

trufflehog copied to clipboard

trufflehog:ignore - buildkite - gh action

2

Please review the [Community Note](https://github.com/trufflesecurity/trufflehog/blob/main/.github/community_note.md) before submitting ### TruffleHog Version Status: Downloaded newer image for ghcr.io/trufflesecurity/trufflehog:latest gh action: trufflehog 3.88.15 ### Trace Output https://gist.github.com/sean-simmons-progress/d62a2103910865f54fd3c1f399d32641 ### Expected Behavior With the trufflehog:ignore...

sean-sype-simmons

Support for scanning local docker image

1

## Description Please add support for scanning docker image which is present locally (just built) instead of pulling it from the registry. ### Preferred Solution If the image is available...

t3mi

Request Method Customization in Custom Detector

2

Currently, TruffleHog custom detectors do not support customization of the HTTP request method (e.g., GET, POST, PUT, DELETE) used during outbound validation. This limits compatibility with certain APIs that require...

effortlessdevsec

feat: Support verifying govcloud aws sessions

3

Add support to query govcloud sts endpoints for session tokens. ### Description: While doing some experimentation I noticed that govcloud sessions would never detect, so I added the logic to...

strazzere

fix: update README docs for shallow cloning

1

Current example for using trufflehog in GitHub actions with shallow cloning is unfortunately susceptible to a quoting injection. Specifically, if any of the commits include the single quote mark, the...

skrobul

Fix broken & inaccurate detector unit tests

7

The detector unit tests were created by "reverse engineering" the patterns, thus they do not provide any real value or confirm how accurate the detectors are. Additionally, the structure of...

rgmz

feat(git): support custom user-agent for git clone

1

### Description: This PR is to enable customers to use custom user agents during a git clone ### Checklist: * [ ] Tests passing (`make test-community`)? * [ ] Lint...

orionooooo

### Description: The `github.go` file is large and unwieldy. Per https://github.com/trufflesecurity/trufflehog/pull/3298#issuecomment-2510010947, `Chunks` is only used by the enterprise code and so I've marked it as deprecated and moved it into...

rgmz

jdbc url with just host and port triggers false alert

3

Please review the [Community Note](https://github.com/trufflesecurity/trufflehog/blob/main/.github/community_note.md) before submitting ### TruffleHog Version 3.88.2 ### Trace Output https://gist.github.com/david-gang/370f0b4ec43afe9a2bcd835c635a01fb ### Expected Behavior this is part of a local docker compose environment: ``` flyway: image:...

david-gang

NpmToken detector should verify against the registry URL, if present

1

### Community Note * Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request * Please do...

rgmz