$ brew install trufflesecurity/trufflehog/trufflehog
Secrets in unexpected places
Scan the version history of all platforms for hidden secrets. TruffleHog scans beyond code repositories to identify secrets hidden in comments, Docker images, and more.
Use pre-commit and pre-receive hooks so that developers can prevent leaked keys in the first place. Automatically run security scans before commits, and prevent accidental inclusion of sensitive data.
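As an added example (not code from the page or from the TruffleHog project), here is how that pre-commit setup can look with the pre-commit framework; it assumes a trufflehog binary on PATH, and the --since-commit, --only-verified and --fail options are assumed TruffleHog CLI flags.

```yaml
# .pre-commit-config.yaml (added example; assumes the pre-commit framework
# is installed and that `trufflehog` is already on PATH)
repos:
  - repo: local
    hooks:
      - id: trufflehog
        name: TruffleHog secret scan
        description: Block the commit if a verified live credential is staged
        # Scan only what changed since HEAD, keep only findings that
        # verified against their API (no false-positive noise), and
        # exit non-zero so git refuses the commit.
        entry: bash -c 'trufflehog git file://. --since-commit HEAD --only-verified --fail'
        language: system
        # Run locally before the commit and again before the push.
        stages: ["pre-commit", "pre-push"]
```

A pre-receive hook on the server side runs the same scan against the pushed range, so a key that slips past a developer's machine is still stopped before it lands in shared history.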
TruffleHog constantly tracks the status of different key types to verify their remediation. You can set up alert reminders on your preferred platform with links to guides on how to rotate and secure keys effectively.
Comprehensive multi-branch analysis
By scanning all branches, not just the main or primary branch, TruffleHog™ ensures a consistent level of security across your entire project. This is particularly useful for larger projects with multiple branches being worked on concurrently.
For every potential credential that is detected, we've painstakingly implemented programmatic verification using its protocol or API. This verification removes false positives.
Open-source software is transparent and available for inspection. Many developers volunteer their time to audit and improve it. This community verifies and checks each other’s work, so there’s never a need to blindly trust one developer. You can check it out yourself!
We are excited to shine the spotlight on Richard Gomez, a dedicated supporter (and truffle hunter) who has made significant contributions to the TruffleHog community.
200+ contributions over the last year including TruffleHog, Gitleaks, and 29 other repos
WHAT DRIVES YOU?
“While my primary motivation is to help projects enhance their security posture, I can’t deny the thrill of discovering secrets — I truly feel like a pig hunting for truffles. Of course, when I run it for my own code or code that I’m reviewing, I’m hoping not to find any secrets!”