@jingles
Created February 27, 2024 14:21
Something has changed since 3.63.4 and my GitHub PAT is not recognized

Here is the run with TF 3.63.4

docker run --rm -v "$REPO_PATH":/tmp -w /tmp \
      ghcr.io/trufflesecurity/trufflehog:${VERSION} \
      git file:///tmp/ \
      --since-commit \
      ${base_commit:-''} \
      --branch \
      ${head_commit:-''} \
      --fail \
      --no-update \
      --github-actions \
      ${ARGS:-''}
2024/02/27 14:05:10 [updater parent] run
2024/02/27 14:05:11 [updater parent] starting /usr/bin/trufflehog
2024/02/27 14:05:11 [updater child#1] run
2024/02/27 14:05:11 [updater child#1] start program
2024-02-27T14:05:11Z	info-2	trufflehog	trufflehog 3.63.4
🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷

2024-02-27T14:05:11Z	info-2	trufflehog	starting scanner workers	{"count": 1}
2024-02-27T14:05:11Z	info-2	trufflehog	starting detector workers	{"count": 50}
2024-02-27T14:05:11Z	info-2	trufflehog	starting notifier workers	{"count": 1}
2024-02-27T14:05:11Z	info-1	trufflehog	cloned repo	{"path": "/tmp/"}
2024-02-27T14:05:11Z	info-2	trufflehog	enumerating source	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT"}
2024-02-27T14:05:11Z	info-1	trufflehog	scanning repo	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "repo": "git@github.com:Media-Platforms/appropes.git", "base": "0274d809000a5d61a6257e2afe6ff0a62e69b691", "head": "07d844f10ecc4a3fdc5000252ec40c4b366f6969"}
2024-02-27T14:05:11Z	info-1	trufflehog	reached base commit	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "repo": "git@github.com:Media-Platforms/appropes.git", "commit": "0274d809000a5d61a6257e2afe6ff0a62e69b691"}
2024-02-27T14:05:11Z	info-1	trufflehog	scanning staged changes	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "path": "/tmp/"}
2024-02-27T14:05:11Z	info-2	trufflehog	finished parsing git log.	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "total_log_size": 0}
2024-02-27T14:05:11Z	info-1	trufflehog	scanning git repo complete	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "repo": "git@github.com:Media-Platforms/appropes.git", "path": "/tmp/", "time_seconds": 0, "commits_scanned": 3}
2024-02-27T14:05:11Z	info-2	trufflehog	finished parsing git log.	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "total_log_size": 1125}
::warning file=app/bad_idea.yml,line=1,endLine=1::Found verified Github result 🐷🔑
2024-02-27T14:05:11Z	info-0	trufflehog	finished scanning	{"chunks": 4, "bytes": 267, "verified_secrets": 2, "unverified_secrets": 0, "scan_duration": "292.600071ms"}
2024-02-27T14:05:11Z	info-2	trufflehog	exiting with code 183 because results were found
::warning file=badidea.txt,line=1,endLine=1::Found verified Github result 🐷🔑
2024/02/27 14:05:11 [updater parent] prog exited with 183

^ correct result ^

=====

I then deleted the (older) trufflehog so latest would be pulled and ran with the same variables.

docker run --rm -v "$REPO_PATH":/tmp -w /tmp \
      ghcr.io/trufflesecurity/trufflehog:${VERSION} \
      git file:///tmp/ \
      --since-commit \
      ${base_commit:-''} \
      --branch \
      ${head_commit:-''} \
      --fail \
      --no-update \
      --github-actions \
      ${ARGS:-''}
Unable to find image 'ghcr.io/trufflesecurity/trufflehog:latest' locally
latest: Pulling from trufflesecurity/trufflehog
4abcf2066143: Already exists 
6daf578b5cbf: Pull complete 
4f4fb700ef54: Pull complete 
ed995b8464c4: Pull complete 
113de26feb23: Pull complete 
Digest: sha256:1be4bda1013b2f972de0d5a1aef9224e12bcc4345e02a4f5da69b31d5c02ff20
Status: Downloaded newer image for ghcr.io/trufflesecurity/trufflehog:latest
2024/02/27 14:07:34 [updater parent] run
2024/02/27 14:07:34 [updater parent] starting /usr/bin/trufflehog
2024/02/27 14:07:37 [updater child#1] run
2024/02/27 14:07:37 [updater child#1] start program
2024-02-27T14:07:37Z	info-2	trufflehog	trufflehog 3.68.2
🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷

2024-02-27T14:07:37Z	info-2	trufflehog	starting scanner workers	{"count": 1}
2024-02-27T14:07:37Z	info-2	trufflehog	starting detector workers	{"count": 50}
2024-02-27T14:07:37Z	info-2	trufflehog	starting verificationOverlap workers	{"count": 1}
2024-02-27T14:07:37Z	info-2	trufflehog	starting notifier workers	{"count": 1}
2024-02-27T14:07:37Z	info-1	trufflehog	cloned repo	{"path": "/tmp/"}
2024-02-27T14:07:37Z	info-0	trufflehog	running source	{"source_manager_worker_id": "HkCc1", "with_units": true}
2024-02-27T14:07:37Z	info-2	trufflehog	enumerating source	{"source_manager_worker_id": "HkCc1"}
2024-02-27T14:07:37Z	info-1	trufflehog	scanning repo	{"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "repo": "git@github.com:Media-Platforms/appropes.git", "base": "0274d809000a5d61a6257e2afe6ff0a62e69b691", "head": "07d844f10ecc4a3fdc5000252ec40c4b366f6969"}
2024-02-27T14:07:37Z	info-1	trufflehog	reached base commit	{"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "repo": "git@github.com:Media-Platforms/appropes.git", "commit": "0274d809000a5d61a6257e2afe6ff0a62e69b691"}
2024-02-27T14:07:37Z	info-1	trufflehog	scanning repo	{"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "base": "0274d809000a5d61a6257e2afe6ff0a62e69b691", "head": "07d844f10ecc4a3fdc5000252ec40c4b366f6969"}
2024-02-27T14:07:37Z	info-1	trufflehog	scanning staged changes	{"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "path": "/tmp/"}
2024-02-27T14:07:37Z	info-2	trufflehog	finished parsing git log.	{"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "total_log_size": 0}
2024-02-27T14:07:37Z	info-1	trufflehog	scanning git repo complete	{"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "repo": "git@github.com:Media-Platforms/appropes.git", "path": "/tmp/", "time_seconds": 0, "commits_scanned": 3}
2024-02-27T14:07:37Z	info-0	trufflehog	finished scanning	{"chunks": 4, "bytes": 267, "verified_secrets": 0, "unverified_secrets": 0, "scan_duration": "120.850735ms"}
2024/02/27 14:07:37 [updater parent] prog exited with 0

^ secrets not detected ^
