Scanning GitHub with TruffleHog v3

Open Source

Installation

If you're on OSX, you can use Homebrew to install:

brew install trufflehog

If you're using Linux, you can use our installation script:

curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin

Check out the README for other installation methods.

Scanning GitHub

The GitHub integration has many options available. The best place to start is by scanning an organization for only verified live results:

trufflehog github --org=trufflesecurity --only-verified

The GitHub integration can also scan member repositories, GitHub wikis, issue comments, gist comments, and PR comments with these flags:

--[no-]include-members     Include organization member repositories in scan.
--[no-]include-wikis       Include repository wikis in scan.
--[no-]issue-comments      Include issue descriptions and comments in scan.
--[no-]pr-comments         Include pull request descriptions and comments in scan.
--[no-]gist-comments       Include gist comments in scan.


If you'd like to find out more about some of the capabilities, like include and exclude

trufflehog github --help
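
Results from an organization scan like the one above usually need to be triaged per repository. The following is an added example, not part of the original page or TruffleHog's own code: it assumes the scan was run with TruffleHog's `--json` output option and that each finding is one JSON object per line with `DetectorName`, `Verified` and `SourceMetadata.Data.Github` fields. The sample output and all values in it are constructed.

```python
import json
from collections import Counter

# Constructed sample of `trufflehog github --org=<org> --json` output (one JSON
# object per line). Field names are an assumption about the v3 JSON format;
# repositories, commits and secrets below are made-up values.
SAMPLE_OUTPUT = """\
{"SourceMetadata":{"Data":{"Github":{"repository":"https://github.com/example-org/api.git","file":"config/dev.env","commit":"aaaa1111","line":4}}},"DetectorName":"AWS","Verified":true,"Raw":"constructed-secret-1"}
{"SourceMetadata":{"Data":{"Github":{"repository":"https://github.com/example-org/api.git","file":"README.md","commit":"bbbb2222","line":10}}},"DetectorName":"Slack","Verified":false,"Raw":"constructed-secret-2"}
{"level":"info","msg":"finished scanning"}
not json at all
{"SourceMetadata":{"Data":{"Github":{"repository":"https://github.com/example-org/web.git","file":"deploy.sh","commit":"cccc3333","line":22}}},"DetectorName":"AWS","Verified":true,"Raw":"constructed-secret-3"}
"""

def parse_findings(text):
    """Yield finding dicts, skipping blank, non-JSON and non-finding lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # e.g. plain-text noise captured alongside the findings
        if isinstance(obj, dict) and "DetectorName" in obj:
            yield obj

def triage(text, only_verified=True):
    """Return sorted (repository, detector, file, line) rows; never the raw secret."""
    rows = []
    for f in parse_findings(text):
        if only_verified and f.get("Verified") is not True:
            continue
        gh = ((f.get("SourceMetadata") or {}).get("Data") or {}).get("Github") or {}
        rows.append((gh.get("repository", "unknown"), f["DetectorName"],
                     gh.get("file", "unknown"), gh.get("line", 0)))
    return sorted(rows)

def count_by_repo(rows):
    """Count findings per repository to decide where rotation starts."""
    return Counter(repo for repo, *_ in rows)

if __name__ == "__main__":
    rows = triage(SAMPLE_OUTPUT)
    for repo, detector, path, line in rows:
        print(f"{repo}\t{detector}\t{path}:{line}")
    print(dict(count_by_repo(rows)))
```

The rows deliberately omit the `Raw` value, so the summary can be pasted into a ticket without copying the secret again.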