In the press
TruffleHog: Open-Source Solution for Scanning Secrets
TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack.
Thousands of Popular Websites Leaking Secrets
Code security firm Truffle Security warns that thousands of the domains in the Alexa top 1 million websites list are leaking secrets, including credentials.
India’s national logistics portal exposed sensitive personal data, trade records
The New Stack
The Challenges of Secrets Management, from Code to Cloud
TruffleHog is a powerful open source tool for identifying secrets and sensitive information across an organization’s entire software development life cycle (SDLC). In addition to identifying secrets in code, TruffleHog can also detect insecurely shared secrets in other areas of the SDLC, such as configuration files, build scripts and deployment pipelines.
Docker users careless with secrets
The researchers emphasised that image creators need to be warned against uploading secrets to public Docker registries, and when deploying containers based on downloaded images, users should be warned that secrets like private keys might already be compromised. They also suggest that “credential-finding tools such as TruffleHog or SecretScanner … be integrated on both sides of the Docker paradigm.”
[tl;dr sec] #199 - Supply Chain Security Overview, Container Escapes, AI + Cybersecurity
Truffle’s Joe Leon et al. scanned the Alexa Top 1 Million for https://.com/.git, and found 4,500 exposed their source code (note: this is not even looking at subpaths, only the top level).
Founder Spotlight: Dylan Ayrey of Truffle Security
As George Washington and Bill Belichick have often said: The best defense is a good offense. One of the best examples of this adage in action is Truffle Security, which helps companies identify and address credentials and passwords before hackers are able to find and exploit them.