Repository Analysis

trufflesecurity/trufflehog

Find, verify, and analyze leaked credentials

0.4 Likely human-written

Adjusted Score: 0.4
Raw Score: 0.4
Time Factor: 100%
Last Push: 2026-05-29
Stars: 26,569
Language: Go
Lines of Code: 482,833
Files: 3375
Pattern Hits: 207
Scan Date: 2026-05-31

Severity Breakdown

CRITICAL 0 · HIGH 0 · MEDIUM 11 · LOW 196

Pattern Findings

207 matches across 7 categories.

Fake / Example Data140 hits · 121 pts
SeverityFileLineSnippet
LOWpkg/detectors/salescookie/salescookie.go49 payload := strings.NewReader(`{"date":"2021-07-04T02:47:42.1442597Z","uniqueId":"id-123","revenue":1.3,"profit":-2.5,
LOWpkg/detectors/salescookie/salescookie.go49 payload := strings.NewReader(`{"date":"2021-07-04T02:47:42.1442597Z","uniqueId":"id-123","revenue":1.3,"profit":-2.5,
LOWpkg/engine/ahocorasick/ahocorasickcore_test.go233 Lorem ipsum dolor sit met, consectetur dipiscing elit. Sed uctor,
LOWpkg/engine/ahocorasick/ahocorasickcore_test.go277 Lorem ipsum dolor sit met, consectetur dipiscing elit. Sed uctor,
LOWpkg/handlers/testdata/nonarchive.txt1Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt1Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt2Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt2Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt3Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt3Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt4Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt4Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt5Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt5Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt6Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt6Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt7Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt7Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt8Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt8Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt9Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt9Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt10Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt10Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt11Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt11Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt12Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt12Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt13Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt13Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt14Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt14Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt15Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt15Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt16Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt16Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt17Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt17Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt18Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt18Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt19Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt19Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt20Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt20Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt21Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt21Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt22Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt22Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt23Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt23Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt24Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt24Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt25Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt25Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt26Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt26Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt27Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt27Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt28Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
LOWpkg/handlers/testdata/nonarchive.txt28Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non risus. Suspendisse lectus tortor, dignissim sit amet, a
80 more matches not shown…

Over-Commented Block: 53 hits · 53 pts
Severity | File | Line | Snippet
LOW | hack/checksecretparts/main.go | 1 | // checksecretparts is a static analysis tool that finds detector packages
LOW | hack/snifftest/snifftest.sh | 1 | #!/usr/bin/env bash
LOW | scripts/test/detect_changed_detectors.sh | 1 | #!/usr/bin/env bash
LOW | scripts/test/detect_changed_detectors.sh | 21 | # between the two refs. A detector imported at HEAD but not at BASE is new.
LOW | .github/workflows/release.yml | 41 | - name: Cosign install
LOW | .github/workflows/codeql-analysis.yml | 1 | # For most projects, this workflow file will not need changing; you simply need
LOW | pkg/pb/source_metadatapb/source_metadata.pb.go | 3581 | }
LOW | pkg/pb/source_metadatapb/source_metadata.pb.go | 3601 | // *MetaData_Jira
LOW | pkg/custom_detectors/custom_detectors.go | 121 | // Permutate each individual match.
LOW | pkg/custom_detectors/custom_detectors.go | 241 | secret := values[0]
LOW | pkg/iobuf/bufferedreaderseeker.go | 21 |
LOW | …annelmetrics/metrics_collector/prometheus/collector.go | 21 | var (
LOW | pkg/decoders/escaped_unicode.go | 221 | return decodeWithPattern(input, htmlEscapePat)
LOW | pkg/decoders/escaped_unicode.go | 241 | // for _, match := range matches {
LOW | pkg/decoders/escaped_unicode.go | 261 | // }
LOW | pkg/decoders/utf8.go | 81 | // This includes letters, digits, punctuation, and symbols, but excludes control characters.
LOW | pkg/decoders/html_test.go | 21 | //
LOW | pkg/decoders/escaped_unicode_test.go | 121 | want: &sources.Chunk{
LOW | pkg/sources/job_progress.go | 21 | EndEnumerating(JobProgressRef, time.Time)
LOW | pkg/sources/sources.go | 61 |
LOW | pkg/sources/sources.go | 181 | // UnitReporter defines the interface a source will use to report whether a
LOW | pkg/sources/s3/checkpointer.go | 21 | // The checkpointer maintains state for the current page of objects (up to 1000) using a boolean array
LOW | pkg/sources/s3/checkpointer.go | 41 | //
LOW | pkg/sources/s3/checkpointer.go | 141 |
LOW | pkg/sources/s3/s3.go | 241 | bucket string // The bucket name we were processing
LOW | pkg/sources/github_experimental/object_discovery.go | 21 |
LOW | pkg/sources/filesystem/filesystem.go | 241 | if s.filter != nil && s.filter.ShouldExclude(path) {
LOW | pkg/sources/filesystem/filesystem_test.go | 681 |
LOW | pkg/sources/jenkins/jenkins.go | 161 | // Example response from http://localhost:8080/api/json?tree=jobs[name,url]{0,100}
LOW | pkg/log/log.go | 101 | }
LOW | pkg/detectors/detectors.go | 21 | // Detector defines an interface for scanning for and verifying secrets.
LOW | pkg/detectors/detectors.go | 41 | }
LOW | pkg/detectors/http.go | 201 | key, ok := req.Context().Value(dedupKeyContextKey{}).(string)
LOW | pkg/detectors/jwt/jwt.go | 181 | }
LOW | …/azurecontainerregistry/azurecontainerregistry_test.go | 61 |
LOW | pkg/detectors/coinbase/coinbase_test.go | 61 | shouldMatch: true,
LOW | pkg/detectors/gcp/gcp_test.go | 101 | GOOGLE_SERVICE_ACCOUNT_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCkVEm
LOW | pkg/detectors/postgres/postgres_integration_test.go | 41 | } else {
LOW | pkg/detectors/aws/session_keys/sessionkey.go | 301 | // Fortunately, experimentation has also revealed a workaround: simply resubmit the second request. The
LOW | pkg/detectors/azure_storage/storage_test.go | 141 | // {
LOW | …ectors/zapierwebhook/zapierwebhook_integration_test.go | 61 | // ctx: context.Background(),
LOW | pkg/engine/engine.go | 121 | // FilterEntropy filters out unverified results using Shannon entropy.
LOW | pkg/engine/engine.go | 501 |
LOW | pkg/engine/engine.go | 1281 | continue
LOW | pkg/engine/ahocorasick/ahocorasickcore.go | 121 | // Core encapsulates the operations and data structures used for keyword matching via the
LOW | pkg/engine/ahocorasick/ahocorasickcore.go | 221 | d.matches = make([][]byte, len(d.matchSpans))
LOW | pkg/handlers/metrics.go | 101 | // The handlerType is used as a label for each metric, allowing for differentiation and aggregation of metrics
LOW | pkg/handlers/metrics.go | 121 | //
LOW | pkg/handlers/handlers.go | 21 | )
LOW | pkg/handlers/apk.go | 61 | }
LOW | pkg/handlers/apk.go | 141 | }
LOW | pkg/handlers/archive.go | 41 | type archiveHandler struct{ *defaultHandler }
LOW | pkg/handlers/rpm.go | 21 | }

AI Slop Vocabulary: 8 hits · 24 pts
Severity | File | Line | Snippet
MEDIUM | pkg/writers/buffered_file_writer/bufferedfilewriter.go | 220 | // By implementing this method, BufferedFileWriter can leverage optimized data transfer mechanisms provided
MEDIUM | pkg/iobuf/bufferedreaderseeker.go | 36 | // transparently, providing a seamless reading and seeking experience regardless
MEDIUM | pkg/iobuf/bufferedreaderseeker.go | 266 | // to utilize the temporary file exclusively, simplifying
MEDIUM | pkg/sources/git/git.go | 1524 | // TODO: Develop a more robust mechanism to ensure consistent timeout behavior between the command execution
MEDIUM | pkg/detectors/hasura/hasura_test.go | 116 | // For a more robust comparison, load the results into maps to ignore order.
MEDIUM | …/salesforceoauth2/salesforceoauth2_integration_test.go | 150 | // Since the order of results can vary with maps, we use a more robust comparison.
MEDIUM | …efreshtoken/salesforcerefreshtoken_integration_test.go | 159 | // Since the order of results can vary with maps, we use a more robust comparison.
MEDIUM | pkg/engine/engine.go | 346 | // they're set to reasonable default values. It makes the engine robust to

Self-Referential Comments: 2 hits · 6 pts
Severity | File | Line | Snippet
MEDIUM | hack/bench/versions.sh | 15 | # Create a temporary folder to clone the repository
MEDIUM | hack/bench/versions.sh | 53 | # Initialize the variable to store the sum of user times

Excessive Try-Catch Wrapping: 2 hits · 3 pts
Severity | File | Line | Snippet
LOW | pkg/custom_detectors/CUSTOM_DETECTORS.md | 164 | except Exception:
MEDIUM | pkg/custom_detectors/CUSTOM_DETECTORS.md | 147 | def do_POST(self):

Redundant / Tautological Comments: 1 hit · 2 pts
Severity | File | Line | Snippet
LOW | action.yml | 46 | # Check if jq is installed, if not, install it

Verbosity Indicators: 1 hit · 2 pts
Severity | File | Line | Snippet
LOW | pkg/output/plain.go | 121 | // To have the "UNKNOWN_POSTMAN = 0" value be assigned correctly to the field, we need to check if the Postman workspac