Scanning integrations to cover your entire SDLC
secrets leaks across all the platforms from a single pane of glass.
Goodbye, false positives
Eliminate false positives with over 700 secret detectors that support automatic API verification. When a new key is found, TruffleHog will check the key against the provider to determine what the key has access to. No more worrying about triaging false positives or dead keys.
Many secrets can be found outside of plaintext files. TruffleHog’s decoders can find those secrets in PDFs, images, encoded text, executables and much more!
Private key private investigator
We find lots of private keys with TruffleHog, so we continuously index over 12,000,000,000 public keys from Certificate Transparency and GitHub SSH to immediately know which private keys are sensitive. We call this technology Driftwood, and it’s open source and integrated with TruffleHog.
Yours or ours
TruffleHog can be run on-premises or from our secure isolated cloud instances. This makes TruffleHog a great option for scanning on your internal network.
New updates to TruffleHog are automatically pushed to your instance to ensure that new integrations, supported secrets, remediation workflows, and patches are added as they become available.
TruffleHog’s remediation workflows shift the responsibility of rotating each key to the person who leaked it. For example, TruffleHog can auto-file and assign Jira tickets to the leaker or create Slack channels to remind and verify leak remediation automatically.
Most source code and document history are buried in the past. We scan all current and previous versions, attachments, artifacts, comments, and logs of our integrations to ensure a deep analysis is performed.
An AWS credential posted publicly on GitHub is compromised in minutes, often leading to crypto mining, ransomware, or worse in your cloud environment. Truffle Security monitors your public and private data sources in real time to enable you to take action when it matters most.
TruffleHog’s pre-commit and pre-receive hooks for developers prevent keys from being leaked in the first place. Our various CI/CD integrations also provide additional assurance by preventing secret leaks before they reach production systems.
TruffleHog is a security tool, built by a security-passionate community. Check out everything we are doing to secure TruffleHog.