Learn how AI coding assistants can introduce security risks—register for the webinar

TRUFFLEHOG

CUSTOMERS

COMPANY

RESOURCES

LOG IN

Get Started

Learn how AI coding assistants can introduce security risks—register for the webinar

Unearth your secrets

TruffleHog™ is an open-source secret scanning engine that detects and helps resolve exposed secrets across your entire tech stack.

TruffleHog enterprise

TruffleHog enterprise

TruffleHog open-source

TruffleHog open-source

Trusted by dev and security TEAMS at some of the most innovative companies
Trusted by dev and security TEAMS at some of the most innovative companies

Millions of leaked secrets

Millions of secrets, including API keys, passwords, and tokens, are frequently leaking from sources like source code, chat systems, support tickets, and more, underscoring the need for robust secret leak detection.

TruffleHog digs deep

TruffleHog scans for sensitive credentials beyond the source code to include hidden content, deleted code, and version history from commonly used tools across your company.

TruffleHog enterprise

TruffleHog enterprise

TruffleHog open-source

TruffleHog open-source

Secrets detection

Secrets detection

TruffleHog sniffs out secrets everywhere: even the nooks and crannies of your GitHub comments and pull requests. TruffleHog supports the most complete list of integrations to scan across your entire SDLC.

TruffleHog sniffs out secrets everywhere: even the nooks and crannies of your GitHub comments and pull requests. TruffleHog supports the most complete list of integrations to scan across your entire SDLC.

Secrets verification

Secrets verification

TruffleHog’s open-source engine scans 800+ credential types, directly verified with key providers for unmatched scan accuracy.

TruffleHog’s open-source engine scans 800+ credential types, directly verified with key providers for unmatched scan accuracy.

In-depth analysis

In-depth analysis

TruffleHog Analyze automatically identifies the resources and permissions associated with API key and other secrets without requiring access to a provider’s UI.

TruffleHog Analyze automatically identifies the resources and permissions associated with API key and other secrets without requiring access to a provider’s UI.

Continuous monitoring

Continuous monitoring

TruffleHog continuously tracks the status of all key types to identify whether remediation has occurred. Set up alerts across the platform of your choosing and include customized messages for developers to rotate and secure keys.

TruffleHog continuously tracks the status of all key types to identify whether remediation has occurred. Set up alerts across the platform of your choosing and include customized messages for developers to rotate and secure keys.

Shift left

Shift left

With TruffleHog, security teams can make it easier for developers to revoke leaked secrets by providing them with an automatic process.

With TruffleHog, security teams can make it easier for developers to revoke leaked secrets by providing them with an automatic process.

Over 250K daily runs by developers and security teams

TruffleHog is a widely-used open-source security project with over 250,000 daily updates from our update server by developers and security teams. It has over 15,000 GitHub stars, making it a go-to tool for leading organizations across the globe.

TruffleHog enterprise

TruffleHog enterprise

TruffleHog open-source

TruffleHog open-source

250K+

Daily runs

18K+

GitHub stars

Gett rides with TruffleHog to automate secrets detection and remediation

"TruffleHog was the only tool we looked at that could go beyond simply detecting the secret. TruffleHog validates whether or not it was a live key or false positive and isolates where the secrets are in the code. This information is automatically pushed to the developer so they can pinpoint and address the issue."

Andy Pannell, Application Security Lead

Find out how Gett leveraged TruffleHog to identify and address leaked secrets with minimal strain on internal resources.

Read the case study

Gett rides with TruffleHog to automate secrets detection and remediation

"TruffleHog was the only tool we looked at that could go beyond simply detecting the secret. TruffleHog validates whether or not it was a live key or false positive and isolates where the secrets are in the code. This information is automatically pushed to the developer so they can pinpoint and address the issue."

Andy Pannell, Application Security Lead

Find out how Gett leveraged TruffleHog to identify and address leaked secrets with minimal strain on internal resources.

Read the case study

The Dig

Thoughts, research findings, reports, and more from Truffle Security Co.

May 9, 2025

This is how you build an AI Ransomware Worm

Mar 13, 2025

Introducing TruffleHog's Burp Suite Extension: A Techical Deep Dive

Feb 27, 2025

Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data

The Dig

Thoughts, research findings, reports, and more from Truffle Security Co.

May 9, 2025

This is how you build an AI Ransomware Worm

Mar 13, 2025

Introducing TruffleHog's Burp Suite Extension: A Techical Deep Dive

STAY STRONG

DIG DEEP

TRUFFLEHOG

Open-source

Enterprise

Analyze

NEW!

Forager

Security

Integrations

Pricing

CUSTOMERS

COMPANY

About

Careers

Press

FAQ

Contact us

RESOURCES

Blog

Newsletter

Library

Events

Videos

GitHub

Enterprise docs

Open-source docs

How to rotate

Brand assets

NEW!

DOING IT THE RIGHT WAY

SINCE 2021

#trufflehog-community

#Secret Scanning

© 2025 Truffle Security Co.

Privacy policy

Terms and conditions

Data processing agreement

Acceptable use policy

STAY STRONG

DIG DEEP

#trufflehog-community

#Secret Scanning

© 2025 Truffle Security Co.

Privacy policy

Terms and conditions

Data processing agreement

Acceptable use policy