Identify the permissions and resources linked to leaked credentials with TruffleHog Analyze

TRUFFLEHOG

CUSTOMERS

COMPANY

RESOURCES

LOG IN

Get Started

Scanning GitHub with TruffleHog v3

Open Source

Installation

If you're on OSX, you can use homebrew to install:

brew install trufflehog

If you're using Linux, you can use our installation script:

curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin

Check out the readme for other installation methods.

Scanning GitHub

The GitHub integration has many options available. The best place to start is by scanning an organization for only verified live results:

trufflehog github --org=trufflesecurity --only-verified

The GitHub integration can also scan member repositories, GitHub Wiki, Issue comments, Gist comments, and PR comments with these flags:

--[no-]include-members     Include organization member repositories in scan.
--[no-]include-wikis       Include repository wikisin scan.
--[no-]issue-comments      Include issue descriptions and comments in scan.
--[no-]pr-comments         Include pull request descriptions and comments in scan.
--[no-]gist-comments       Include gist comments in scan


If you'd like to find out more about some of the capabilities, like include and exclude

trufflehog github --help

STAY STRONG

DIG DEEP

TRUFFLEHOG

Open-source

Enterprise

Analyze

NEW!

Forager

Security

Integrations

Pricing

CUSTOMERS

COMPANY

About

Careers

Press

FAQ

Contact us

RESOURCES

Blog

Content library

Events

Videos

GitHub

Enterprise docs

Open-source docs

How to rotate

NEW!

DOING IT THE RIGHT WAY

SINCE 2021

#trufflehog-community

#Secret Scanning

© 2024 Truffle Security Co.

Privacy policy

Terms and conditions

Data processing agreement

Acceptable use policy