Join us

ContentUpdates and recent posts about TruffleHog..
Course
eon01
@eon01 published a course, 1 month ago
Founder, FAUN.dev

DevSecOps in Practice

#AppSec  #DevOps  #DevSecO...  #SecDevO...  #Securit... 
TruffleHog Flask NeuVector detect-secrets pre-commit OWASP Dependency-Check Docker checkov Bandit Hadolint Grype KubeLinter Syft GitLab CI/CD Trivy Kubernetes

A Hands-On Guide to Operationalizing DevSecOps at Scale

DevSecOps in Practice
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email

|

Sell your course on FAUN.dev
News FAUN.dev() Team
devopslinks
@devopslinks shared an update, 1 month ago
FAUN.dev()

Researcher Scans 5.6M GitLab Repositories, Uncovers 17,000 Live Secrets and a Decade of Exposed Credentials

#AWS Lam...  #secrets  #Truffle...  #bitbuck...  #gitlab 
Atlassian Bitbucket GitLab CI/CD GitLab AWS Lambda TruffleHog

A security research project led by Luke Marshall scanned 5.6 million GitLab repositories, uncovering over 17,000 live secrets and earning $9,000 in bounties, highlighting GitLab's larger scale and higher exposure risk compared to Bitbucket.

Researcher Scans 5.6M GitLab Repositories, Uncovers 17,000 Live Secrets and a Decade of Exposed Credentials
765 views  
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
 Activity
devopslinks
@devopslinks added a new tool TruffleHog , 1 month ago.
TruffleHog is a high-accuracy secret-detection tool designed to uncover exposed credentials such as API keys, tokens, private keys, and cloud secrets across large codebases. Originally created to scan Git commit history, it has evolved into a multi-source scanning engine capable of analyzing GitHub, GitLab, Bitbucket, Docker images, file systems, Terraform states, and cloud environments.

The scanner combines entropy detection, an extensive library of regular expression detectors, and live credential validation to minimize false positives. TruffleHog is widely used in security research, supply chain security, DevSecOps workflows, and bug bounty programs. Its speed, accuracy, and broad ecosystem coverage make it a core tool for identifying and preventing credential leakage in modern software development.