Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhancement: Trufflehog #1343

Conversation

domwhewell-sage
Copy link
Contributor

This PR enhances the trufflehog module.

I have removed the filter_event so trufflehog now accepts all FILESYSTEM events, if they are not tagged with docker or git it will use truffle hogs filesystem command against it.

FILESYSTEM events can have a description field which allows the prior event to inject some extra context into the what exactly the file is that's been downloaded and where it came from.
git doesn't need this as the repository URL is included in the trufflehog event (I presume it gets this from the .git file). But I have added it to the docker_pull event that's emitted to give the user some extra context instead of "imagename_latest.tar had this plain-text credential"

I decided against de-duplicating the findings output by trufflehog inside this module as we may loose some valuable data from other assets that are not workflow-logs. De-duplication of that should be done in that module.

Finally I have upped the version number of trufflehog to the latest.

@domwhewell-sage domwhewell-sage marked this pull request as ready for review May 12, 2024 10:09
@TheTechromancer TheTechromancer merged commit e293d4c into blacklanternsecurity:dev May 12, 2024
8 checks passed
@domwhewell-sage domwhewell-sage deleted the truffle_hog_modifications branch May 12, 2024 13:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants