Find, verify, and analyze leaked credentials

21.5K stars 2.0K forks 21.5K watchers Go GNU Affero General Public License v3.0
credentials devsecops dynamic-analysis precommit scanning secret secret-management secrets security security-tools trufflehog verification
4 Open Issues Need Help Last updated: Sep 13, 2025

Open Issues Need Help

View All on GitHub
help wanted pkg/sources

Find, verify, and analyze leaked credentials

Go
#credentials#devsecops#dynamic-analysis#precommit#scanning#secret#secret-management#secrets#security#security-tools#trufflehog#verification
enhancement help wanted contributions welcomed pkg/detectors good first issue

Find, verify, and analyze leaked credentials

Go
#credentials#devsecops#dynamic-analysis#precommit#scanning#secret#secret-management#secrets#security#security-tools#trufflehog#verification
bug contributions welcomed pkg/detectors good first issue

Find, verify, and analyze leaked credentials

Go
#credentials#devsecops#dynamic-analysis#precommit#scanning#secret#secret-management#secrets#security#security-tools#trufflehog#verification

AI Summary: The task is to debug a false positive in TruffleHog, a secrets detection tool. TruffleHog v3.90.3 incorrectly identifies a GitHub repository's zipball URL as a GitHub token. The solution requires investigating why the Github detector is triggering on this specific URL pattern, potentially involving refining the regular expressions or adding exclusion rules within the detector to prevent false positives on valid URLs. This might involve examining the detector's code, testing different scenarios, and potentially contributing a fix to the TruffleHog project.

Complexity: 4/5
enhancement help wanted pkg/detectors

Find, verify, and analyze leaked credentials

Go
#credentials#devsecops#dynamic-analysis#precommit#scanning#secret#secret-management#secrets#security#security-tools#trufflehog#verification