Commit graph

626 commits

Author SHA1 Message Date
Dustin Decker
c80bd5e905 Fix linting and dogfood in CI 2022-03-04 08:39:23 -08:00
Bill Rich
9f378b8cb3 Resolve a ref as arg for --since_commit (#57) 2022-03-04 08:39:23 -08:00
dependabot[bot]
4948ae8617 Bump github.com/envoyproxy/protoc-gen-validate from 0.6.3 to 0.6.4 (#56)
Bumps [github.com/envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate) from 0.6.3 to 0.6.4.
- [Release notes](https://github.com/envoyproxy/protoc-gen-validate/releases)
- [Commits](https://github.com/envoyproxy/protoc-gen-validate/compare/v0.6.3...v0.6.4)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-04 08:39:23 -08:00
Dustin Decker
6f32b108a3 Disable GetEmails 2022-03-04 08:39:22 -08:00
trufflesteeeve
9cb99e5aa4 578 Fix gitlab basic auth with access tokens (#54) 2022-03-04 08:39:22 -08:00
dependabot[bot]
88743821e1 Bump github.com/aws/aws-sdk-go-v2/credentials from 1.8.0 to 1.9.0 (#53)
Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-04 08:39:22 -08:00
dependabot[bot]
441d512f1d Bump github.com/aws/aws-sdk-go-v2/service/sts from 1.14.0 to 1.15.0 (#52)
Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.14.0...service/s3/v1.15.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-04 08:39:22 -08:00
dependabot[bot]
d2d8259bc1 Bump golangci/golangci-lint-action from 2 to 3 (#51)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 2 to 3.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-04 08:39:22 -08:00
Dustin Decker
a78413102c add linting (#14) 2022-03-04 08:39:22 -08:00
Bill Rich
c144630c54 Add parent results to ignore list (#47)
* Add parent results to ignore list

* Force concurrency to 1 when base commit is set
2022-03-04 08:39:22 -08:00
Bill Rich
b25295580a Actually save the normalized repos (#50) 2022-03-04 08:39:22 -08:00
Dustin Decker
7f7e2665a0 Change BasicAuthWithHeader to just Header 2022-03-04 08:39:22 -08:00
Dustin Decker
1da3e0f723 turn off getemail scanner 2022-03-04 08:39:22 -08:00
Bill Rich
c742f6a816 Do not continue if semaphore can't be acquired (#49) 2022-03-04 08:39:22 -08:00
Bill Rich
30034f5d28 Use metadata specific to source type (#48) 2022-03-04 08:39:22 -08:00
dependabot[bot]
af5d358166 Bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1453 to 1.61.1465 (#45)
Bumps [github.com/aliyun/alibaba-cloud-sdk-go](https://github.com/aliyun/alibaba-cloud-sdk-go) from 1.61.1453 to 1.61.1465.
- [Release notes](https://github.com/aliyun/alibaba-cloud-sdk-go/releases)
- [Changelog](https://github.com/aliyun/alibaba-cloud-sdk-go/blob/master/ChangeLog.txt)
- [Commits](https://github.com/aliyun/alibaba-cloud-sdk-go/compare/v1.61.1453...v1.61.1465)

---
updated-dependencies:
- dependency-name: github.com/aliyun/alibaba-cloud-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-04 08:39:22 -08:00
Dustin Decker
8b500219f8 Add new credential type for Jenkins 2022-03-04 08:39:22 -08:00
Bill Rich
56dc1b109c Check commit order, dedupe results, and support using a head commit. (#44)
* Check commit order and support using a head commit.

* Only apply dedupe to git bases source
2022-03-04 08:39:22 -08:00
Dustin Decker
b054739984 Not all prefixes are credentials for AWS, fix capturing group 2022-03-04 08:39:22 -08:00
Dustin Decker
736fa201f2 fix logging 2022-03-04 08:39:22 -08:00
Dustin Decker
86c2eb507b Adding detectors (#46)
* rename secret

* Add supporting docs and tooling for adding new detectors
2022-03-04 08:39:22 -08:00
Dustin Decker
b2a9d5b0a9 Update AWS prefixes 2022-03-04 08:39:22 -08:00
Dustin Decker
c20e9f4732 improvements 2022-03-04 08:39:17 -08:00
Dustin Decker
77418fb3f8 module v3 2022-02-15 18:54:47 -08:00
Dustin Decker
0427a995d3 print banner to stderr 2022-02-15 18:54:47 -08:00
Dustin Decker
79496b8142 Add context timeout to scanners 2022-02-15 18:54:47 -08:00
Dustin Decker
ee99f0c9a2 Record avg detector time 2022-02-15 18:54:47 -08:00
dependabot[bot]
270d83c3d7 Bump github.com/xanzy/go-gitlab from 0.54.3 to 0.54.4 (#39)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.54.3 to 0.54.4.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.54.3...v0.54.4)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 18:54:47 -08:00
dependabot[bot]
df77d0385b Bump cloud.google.com/go/secretmanager from 1.0.0 to 1.1.0 (#41)
Bumps [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/dlp/v1.0.0...dlp/v1.1.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/secretmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 18:54:47 -08:00
Dustin Decker
ee90ab344f Use sane http client instead of retryable 2022-02-15 18:54:47 -08:00
Bill Rich
2d8756938d Fast git scanning (#40)
* Fast git scanning

* Use original tests

* Use committer time

Co-authored-by: Bill Rich <bill.rich@trufflesec.com>
2022-02-15 18:54:47 -08:00
Dustin Decker
152ef6d4e1 add include forks option (#37) 2022-02-15 18:54:47 -08:00
Dustin Decker
c131a6e4ae add debug pprof server and metrics server 2022-02-15 18:54:47 -08:00
Dustin Decker
8a03899b43 use sane http client for spotifykey 2022-02-15 18:54:47 -08:00
Bill Rich
1fb767247f Add missing pagination on github calls (#30)
* Add missing pagination on github calls

Includes some refactoring to improve readability and code reuse.

* Close response body and handle rate limit

* Re-include support for including users as repos to github scans

* Fix gist test to match new func signature

* Add current test name to logging

* Support username as org use case

* Also include no-auth user as org

Co-authored-by: Bill Rich <bill.rich@trufflesec.com>
2022-02-15 18:54:47 -08:00
Bill Rich
6b183424f5 Match expected chunks to actual 2022-02-15 18:54:47 -08:00
Dustin Decker
6f1ba7de90 make message clearer 2022-02-15 18:54:47 -08:00
Bill Rich
2cc34f4633 Make tests more resilient and more coverage 2022-02-15 18:54:47 -08:00
Dustin Decker
a96de1a2cd update docs and support multi platform docker images 2022-02-15 18:54:47 -08:00
Dustin Decker
c45bca4b8b only verified results 2022-02-15 18:54:47 -08:00
Dustin Decker
e15fa3a5be helpful logging 2022-02-15 18:54:47 -08:00
Dustin Decker
1e7ee2f4ef Dependabot should update actions 2022-02-15 18:54:47 -08:00
dependabot[bot]
ef1281a32f Bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1453 to 1.61.1465
Bumps [github.com/aliyun/alibaba-cloud-sdk-go](https://github.com/aliyun/alibaba-cloud-sdk-go) from 1.61.1453 to 1.61.1465.
- [Release notes](https://github.com/aliyun/alibaba-cloud-sdk-go/releases)
- [Changelog](https://github.com/aliyun/alibaba-cloud-sdk-go/blob/master/ChangeLog.txt)
- [Commits](https://github.com/aliyun/alibaba-cloud-sdk-go/compare/v1.61.1453...v1.61.1465)

---
updated-dependencies:
- dependency-name: github.com/aliyun/alibaba-cloud-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-15 18:54:47 -08:00
Dustin Decker
44d113c408 Add concurrency to gitlab source integration 2022-02-15 18:54:47 -08:00
Dustin Decker
7e38e699f6 GitHub concurrency (#25)
* GitHub scan concurrency

* Add raw result to plain output

* Fix flakey test (still flakey)

* Fix race
2022-02-15 18:54:47 -08:00
Bill Rich
206b99704b Change log order and path filtering. 2022-02-15 18:54:47 -08:00
Dustin Decker
26184dc2cd Fix incorrect commit skipped error 2022-02-15 18:54:47 -08:00
Dustin Decker
3da3f1ec94 Add gitlab pagination support (#26) 2022-02-15 18:54:47 -08:00
Bill Rich
28ed0c3b7c Complete support for existing git scan flags (#13)
* Add `since_commit` to git scan

* Support `max_depth` option for git scan

* Use new options in github and gitlab sources

* Address review feedback

Co-authored-by: Bill Rich <bill.rich@trufflesec.com>
2022-02-15 18:54:47 -08:00
Dustin Decker
8b15bc0a0a make dogfood 2022-02-15 18:54:47 -08:00