Here is the run with TF 3.63.4
docker run --rm -v "$REPO_PATH":/tmp -w /tmp \
ghcr.io/trufflesecurity/trufflehog:${VERSION} \
git file:///tmp/ \
--since-commit \
${base_commit:-''} \
--branch \
${head_commit:-''} \
--fail \
--no-update \
--github-actions \
${ARGS:-''}
2024/02/27 14:05:10 [updater parent] run
2024/02/27 14:05:11 [updater parent] starting /usr/bin/trufflehog
2024/02/27 14:05:11 [updater child#1] run
2024/02/27 14:05:11 [updater child#1] start program
2024-02-27T14:05:11Z info-2 trufflehog trufflehog 3.63.4
π·ππ· TruffleHog. Unearth your secrets. π·ππ·
2024-02-27T14:05:11Z info-2 trufflehog starting scanner workers {"count": 1}
2024-02-27T14:05:11Z info-2 trufflehog starting detector workers {"count": 50}
2024-02-27T14:05:11Z info-2 trufflehog starting notifier workers {"count": 1}
2024-02-27T14:05:11Z info-1 trufflehog cloned repo {"path": "/tmp/"}
2024-02-27T14:05:11Z info-2 trufflehog enumerating source {"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT"}
2024-02-27T14:05:11Z info-1 trufflehog scanning repo {"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "repo": "git@github.com:Media-Platforms/appropes.git", "base": "0274d809000a5d61a6257e2afe6ff0a62e69b691", "head": "07d844f10ecc4a3fdc5000252ec40c4b366f6969"}
2024-02-27T14:05:11Z info-1 trufflehog reached base commit {"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "repo": "git@github.com:Media-Platforms/appropes.git", "commit": "0274d809000a5d61a6257e2afe6ff0a62e69b691"}
2024-02-27T14:05:11Z info-1 trufflehog scanning staged changes {"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "path": "/tmp/"}
2024-02-27T14:05:11Z info-2 trufflehog finished parsing git log. {"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "total_log_size": 0}
2024-02-27T14:05:11Z info-1 trufflehog scanning git repo complete {"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "repo": "git@github.com:Media-Platforms/appropes.git", "path": "/tmp/", "time_seconds": 0, "commits_scanned": 3}
2024-02-27T14:05:11Z info-2 trufflehog finished parsing git log. {"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "total_log_size": 1125}
::warning file=app/bad_idea.yml,line=1,endLine=1::Found verified Github result π·π
2024-02-27T14:05:11Z info-0 trufflehog finished scanning {"chunks": 4, "bytes": 267, "verified_secrets": 2, "unverified_secrets": 0, "scan_duration": "292.600071ms"}
2024-02-27T14:05:11Z info-2 trufflehog exiting with code 183 because results were found
::warning file=badidea.txt,line=1,endLine=1::Found verified Github result π·π
2024/02/27 14:05:11 [updater parent] prog exited with 183
^ correct result ^
=====
I then deleted the (older) trufflehog so latest would be pulled and ran with the same variables.
docker run --rm -v "$REPO_PATH":/tmp -w /tmp \
ghcr.io/trufflesecurity/trufflehog:${VERSION} \
git file:///tmp/ \
--since-commit \
${base_commit:-''} \
--branch \
${head_commit:-''} \
--fail \
--no-update \
--github-actions \
${ARGS:-''}
Unable to find image 'ghcr.io/trufflesecurity/trufflehog:latest' locally
latest: Pulling from trufflesecurity/trufflehog
4abcf2066143: Already exists
6daf578b5cbf: Pull complete
4f4fb700ef54: Pull complete
ed995b8464c4: Pull complete
113de26feb23: Pull complete
Digest: sha256:1be4bda1013b2f972de0d5a1aef9224e12bcc4345e02a4f5da69b31d5c02ff20
Status: Downloaded newer image for ghcr.io/trufflesecurity/trufflehog:latest
2024/02/27 14:07:34 [updater parent] run
2024/02/27 14:07:34 [updater parent] starting /usr/bin/trufflehog
2024/02/27 14:07:37 [updater child#1] run
2024/02/27 14:07:37 [updater child#1] start program
2024-02-27T14:07:37Z info-2 trufflehog trufflehog 3.68.2
π·ππ· TruffleHog. Unearth your secrets. π·ππ·
2024-02-27T14:07:37Z info-2 trufflehog starting scanner workers {"count": 1}
2024-02-27T14:07:37Z info-2 trufflehog starting detector workers {"count": 50}
2024-02-27T14:07:37Z info-2 trufflehog starting verificationOverlap workers {"count": 1}
2024-02-27T14:07:37Z info-2 trufflehog starting notifier workers {"count": 1}
2024-02-27T14:07:37Z info-1 trufflehog cloned repo {"path": "/tmp/"}
2024-02-27T14:07:37Z info-0 trufflehog running source {"source_manager_worker_id": "HkCc1", "with_units": true}
2024-02-27T14:07:37Z info-2 trufflehog enumerating source {"source_manager_worker_id": "HkCc1"}
2024-02-27T14:07:37Z info-1 trufflehog scanning repo {"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "repo": "git@github.com:Media-Platforms/appropes.git", "base": "0274d809000a5d61a6257e2afe6ff0a62e69b691", "head": "07d844f10ecc4a3fdc5000252ec40c4b366f6969"}
2024-02-27T14:07:37Z info-1 trufflehog reached base commit {"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "repo": "git@github.com:Media-Platforms/appropes.git", "commit": "0274d809000a5d61a6257e2afe6ff0a62e69b691"}
2024-02-27T14:07:37Z info-1 trufflehog scanning repo {"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "base": "0274d809000a5d61a6257e2afe6ff0a62e69b691", "head": "07d844f10ecc4a3fdc5000252ec40c4b366f6969"}
2024-02-27T14:07:37Z info-1 trufflehog scanning staged changes {"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "path": "/tmp/"}
2024-02-27T14:07:37Z info-2 trufflehog finished parsing git log. {"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "total_log_size": 0}
2024-02-27T14:07:37Z info-1 trufflehog scanning git repo complete {"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "repo": "git@github.com:Media-Platforms/appropes.git", "path": "/tmp/", "time_seconds": 0, "commits_scanned": 3}
2024-02-27T14:07:37Z info-0 trufflehog finished scanning {"chunks": 4, "bytes": 267, "verified_secrets": 0, "unverified_secrets": 0, "scan_duration": "120.850735ms"}
2024/02/27 14:07:37 [updater parent] prog exited with 0
^ secrets not detected ^