Updates and recent posts about TruffleHog..

Posts
Description

Course

@eon01 published a course, 2 months, 3 weeks ago

Founder, FAUN.dev

DevSecOps in Practice

#AppSec #DevOps #DevSecO... #SecDevO... #Securit...

A Hands-On Guide to Operationalizing DevSecOps at Scale

News FAUN.dev() Team

@devopslinks shared an update, 2 months, 3 weeks ago

FAUN.dev()

Researcher Scans 5.6M GitLab Repositories, Uncovers 17,000 Live Secrets and a Decade of Exposed Credentials

#AWS Lam... #secrets #Truffle... #bitbuck... #gitlab

A security research project led by Luke Marshall scanned 5.6 million GitLab repositories, uncovering over 17,000 live secrets and earning $9,000 in bounties, highlighting GitLab's larger scale and higher exposure risk compared to Bitbucket.

Researcher Scans 5.6M GitLab Repositories, Uncovers 17,000 Live Secrets and a Decade of Exposed Credentials

Activity

@devopslinks added a new tool TruffleHog , 2 months, 3 weeks ago.

TruffleHog is a high-accuracy secret-detection tool designed to uncover exposed credentials such as API keys, tokens, private keys, and cloud secrets across large codebases. Originally created to scan Git commit history, it has evolved into a multi-source scanning engine capable of analyzing GitHub, GitLab, Bitbucket, Docker images, file systems, Terraform states, and cloud environments.

The scanner combines entropy detection, an extensive library of regular expression detectors, and live credential validation to minimize false positives. TruffleHog is widely used in security research, supply chain security, DevSecOps workflows, and bug bounty programs. Its speed, accuracy, and broad ecosystem coverage make it a core tool for identifying and preventing credential leakage in modern software development.