Skip to content

Instantly share code, notes, and snippets.

@jingles

jingles/trufflehog_version_diff.md

Created February 27, 2024 14:21
Show Gist options
  • Save jingles/262a42a6edaf0647cf723ceb6ce09f51 to your computer and use it in GitHub Desktop.
Save jingles/262a42a6edaf0647cf723ceb6ce09f51 to your computer and use it in GitHub Desktop.
Download ZIP
Something has changed since 3.63.4 and my github PAT is not recognized
Raw
trufflehog_version_diff.md

Here is the run with TF 3.63.4

docker run --rm -v "$REPO_PATH":/tmp -w /tmp \             
      ghcr.io/trufflesecurity/trufflehog:${VERSION} \
      git file:///tmp/ \
      --since-commit \
      ${base_commit:-''} \
      --branch \
      ${head_commit:-''} \
      --fail \
      --no-update \
      --github-actions \
      ${ARGS:-''}
2024/02/27 14:05:10 [updater parent] run
2024/02/27 14:05:11 [updater parent] starting /usr/bin/trufflehog
2024/02/27 14:05:11 [updater child#1] run
2024/02/27 14:05:11 [updater child#1] start program
2024-02-27T14:05:11Z	info-2	trufflehog	trufflehog 3.63.4
πŸ·πŸ”‘πŸ·  TruffleHog. Unearth your secrets. πŸ·πŸ”‘πŸ·

2024-02-27T14:05:11Z	info-2	trufflehog	starting scanner workers	{"count": 1}
2024-02-27T14:05:11Z	info-2	trufflehog	starting detector workers	{"count": 50}
2024-02-27T14:05:11Z	info-2	trufflehog	starting notifier workers	{"count": 1}
2024-02-27T14:05:11Z	info-1	trufflehog	cloned repo	{"path": "/tmp/"}
2024-02-27T14:05:11Z	info-2	trufflehog	enumerating source	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT"}
2024-02-27T14:05:11Z	info-1	trufflehog	scanning repo	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "repo": "git@github.com:Media-Platforms/appropes.git", "base": "0274d809000a5d61a6257e2afe6ff0a62e69b691", "head": "07d844f10ecc4a3fdc5000252ec40c4b366f6969"}
2024-02-27T14:05:11Z	info-1	trufflehog	reached base commit	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "repo": "git@github.com:Media-Platforms/appropes.git", "commit": "0274d809000a5d61a6257e2afe6ff0a62e69b691"}
2024-02-27T14:05:11Z	info-1	trufflehog	scanning staged changes	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "path": "/tmp/"}
2024-02-27T14:05:11Z	info-2	trufflehog	finished parsing git log.	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "total_log_size": 0}
2024-02-27T14:05:11Z	info-1	trufflehog	scanning git repo complete	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "repo": "git@github.com:Media-Platforms/appropes.git", "path": "/tmp/", "time_seconds": 0, "commits_scanned": 3}
2024-02-27T14:05:11Z	info-2	trufflehog	finished parsing git log.	{"source_manager_worker_id": "8BiWO", "job_id": 1, "source_id": 1, "source_name": "trufflehog - git", "source_type": "SOURCE_TYPE_GIT", "unit": "/tmp/", "total_log_size": 1125}
::warning file=app/bad_idea.yml,line=1,endLine=1::Found verified Github result πŸ·πŸ”‘
2024-02-27T14:05:11Z	info-0	trufflehog	finished scanning	{"chunks": 4, "bytes": 267, "verified_secrets": 2, "unverified_secrets": 0, "scan_duration": "292.600071ms"}
2024-02-27T14:05:11Z	info-2	trufflehog	exiting with code 183 because results were found
::warning file=badidea.txt,line=1,endLine=1::Found verified Github result πŸ·πŸ”‘
2024/02/27 14:05:11 [updater parent] prog exited with 183

^ correct result ^

=====

I then deleted the (older) trufflehog so latest would be pulled and ran with the same variables.

docker run --rm -v "$REPO_PATH":/tmp -w /tmp \
      ghcr.io/trufflesecurity/trufflehog:${VERSION} \
      git file:///tmp/ \
      --since-commit \
      ${base_commit:-''} \
      --branch \
      ${head_commit:-''} \
      --fail \
      --no-update \
      --github-actions \
      ${ARGS:-''}
Unable to find image 'ghcr.io/trufflesecurity/trufflehog:latest' locally
latest: Pulling from trufflesecurity/trufflehog
4abcf2066143: Already exists 
6daf578b5cbf: Pull complete 
4f4fb700ef54: Pull complete 
ed995b8464c4: Pull complete 
113de26feb23: Pull complete 
Digest: sha256:1be4bda1013b2f972de0d5a1aef9224e12bcc4345e02a4f5da69b31d5c02ff20
Status: Downloaded newer image for ghcr.io/trufflesecurity/trufflehog:latest
2024/02/27 14:07:34 [updater parent] run
2024/02/27 14:07:34 [updater parent] starting /usr/bin/trufflehog
2024/02/27 14:07:37 [updater child#1] run
2024/02/27 14:07:37 [updater child#1] start program
2024-02-27T14:07:37Z	info-2	trufflehog	trufflehog 3.68.2
πŸ·πŸ”‘πŸ·  TruffleHog. Unearth your secrets. πŸ·πŸ”‘πŸ·

2024-02-27T14:07:37Z	info-2	trufflehog	starting scanner workers	{"count": 1}
2024-02-27T14:07:37Z	info-2	trufflehog	starting detector workers	{"count": 50}
2024-02-27T14:07:37Z	info-2	trufflehog	starting verificationOverlap workers	{"count": 1}
2024-02-27T14:07:37Z	info-2	trufflehog	starting notifier workers	{"count": 1}
2024-02-27T14:07:37Z	info-1	trufflehog	cloned repo	{"path": "/tmp/"}
2024-02-27T14:07:37Z	info-0	trufflehog	running source	{"source_manager_worker_id": "HkCc1", "with_units": true}
2024-02-27T14:07:37Z	info-2	trufflehog	enumerating source	{"source_manager_worker_id": "HkCc1"}
2024-02-27T14:07:37Z	info-1	trufflehog	scanning repo	{"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "repo": "git@github.com:Media-Platforms/appropes.git", "base": "0274d809000a5d61a6257e2afe6ff0a62e69b691", "head": "07d844f10ecc4a3fdc5000252ec40c4b366f6969"}
2024-02-27T14:07:37Z	info-1	trufflehog	reached base commit	{"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "repo": "git@github.com:Media-Platforms/appropes.git", "commit": "0274d809000a5d61a6257e2afe6ff0a62e69b691"}
2024-02-27T14:07:37Z	info-1	trufflehog	scanning repo	{"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "base": "0274d809000a5d61a6257e2afe6ff0a62e69b691", "head": "07d844f10ecc4a3fdc5000252ec40c4b366f6969"}
2024-02-27T14:07:37Z	info-1	trufflehog	scanning staged changes	{"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "path": "/tmp/"}
2024-02-27T14:07:37Z	info-2	trufflehog	finished parsing git log.	{"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "total_log_size": 0}
2024-02-27T14:07:37Z	info-1	trufflehog	scanning git repo complete	{"source_manager_worker_id": "HkCc1", "unit": "/tmp/", "unit_kind": "dir", "repo": "git@github.com:Media-Platforms/appropes.git", "path": "/tmp/", "time_seconds": 0, "commits_scanned": 3}
2024-02-27T14:07:37Z	info-0	trufflehog	finished scanning	{"chunks": 4, "bytes": 267, "verified_secrets": 0, "unverified_secrets": 0, "scan_duration": "120.850735ms"}
2024/02/27 14:07:37 [updater parent] prog exited with 0

^ secrets not detected ^

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment