Trufflehog
This producer component scans for secrets in Git repositories, chats, wikis, logs, API testing platforms, object stores, filesystems and more. Read more about what it does on the Trufflehog homepage and GitHub repo.
How to use with Smithy
Open-Source
- Add the Helm package to the pipeline settings:
  ```yaml
  ---
  # file: ./my-pipeline/kustomization.yaml
  components:
    - pkg:helm/smithy-security-oss-components/producer-trufflehog
  ```
- Configure the run parameters of the component in the pipeline run file. All parameters are optional:
  ```yaml
  # file: ./my-pipeline/pipelinerun.yaml
  ---
  ...
  spec:
    ...
    params:
      - name: producer-trufflehog-git-repository
        value: <Target Git repo URL>
  ```
SaaS
- In the Smithy UI, open the page to create a new workflow.
- Find Trufflehog in the Producers dropdown.
Options
You can configure this component with the following option:
Option Name | Description | Default | Type |
---|---|---|---|
producer-trufflehog-git-repository | Repository URL to scan, if you are not using another source. | "" | String |