
Commit 5961eae

Merge branch 'main' into gha-fix
2 parents 03afaa2 + 05e2328 commit 5961eae

52 files changed

+4360
-905
lines changed

.github/workflows/release.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ jobs:
3838
with:
3939
go-version: "1.24"
4040
- name: Cosign install
41-
uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
41+
uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
4242
- name: Install UPX
4343
run: |
4444
sudo apt-get update
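Review bot: at new line 41 the only thing tying the pinned commit `d58896d6a1865668819e1d91763c7751a165e159` to a release is the trailing `# v3.9.2` comment, which nothing enforces. Before merging, confirm that this SHA is the commit the v3.9.2 tag points to in sigstore/cosign-installer, since the step runs in the release workflow. Keeping the full-SHA pin rather than a tag reference is the right form.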

README.md

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -280,7 +280,14 @@ trufflehog gcs --project-id=<project-ID> --cloud-environment --results=verified,
280280
Use the `--image` flag multiple times to scan multiple images.
281281

282282
```bash
283+
# to scan from a remote registry
283284
trufflehog docker --image trufflesecurity/secrets --results=verified,unknown
285+
286+
# to scan from the local docker daemon
287+
trufflehog docker --image docker://new_image:tag --results=verified,unknown
288+
289+
# to scan from an image saved as a tarball
290+
trufflehog docker --image file://path_to_image.tar --results=verified,unknown
284291
```
285292

286293
## 12: Scan in CI
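Review bot: the examples at new lines 283-290 mix a real image name (`trufflesecurity/secrets`) with unmarked placeholders (`new_image:tag`, `path_to_image.tar`), and the rule that an `--image` value without a prefix means a remote registry is only implied by the comments. Suggest writing the placeholders in the angle-bracket style the README already uses (`--project-id=<project-ID>`), for example `docker://<image>:<tag>` and `file://<path-to-image.tar>`, and adding one sentence above the block that lists the three accepted forms.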
@@ -672,7 +679,7 @@ TruffleHog will send a JSON POST request containing the regex matches to a
672679
configured webhook endpoint. If the endpoint responds with a `200 OK` response
673680
status code, the secret is considered verified.
674681

675-
Custom Detectors support a few different filtering mechanisms: entropy, regex targeting the entire match, regex targeting the captured secret,
682+
Custom Detectors support a few different filtering mechanisms: entropy, regex targeting the entire match, regex targeting the captured secret,
676683
and excluded word lists checked against the secret (captured group if present, entire match if capture group is not present). Note that if
677684
your custom detector has multiple `regex` set (in this example `hogID`, and `hogToken`), then the filters get applied to each regex. [Here](examples/generic_with_filters.yml) is an example of a custom detector using these filters.
678685
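Review bot: the removed line 675 and the added line 682 render identically, so this looks like a whitespace-only change (probably a trailing space); worth confirming it is intentional rather than editor noise. If the paragraph is being touched anyway, "has multiple `regex` set (in this example `hogID`, and `hogToken`)" on new line 684 would read better as "has multiple `regex` entries (in this example `hogID` and `hogToken`)".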

go.mod

Lines changed: 51 additions & 48 deletions
Original file line numberDiff line numberDiff line change
@@ -9,35 +9,39 @@ replace github.com/jpillora/overseer => github.com/trufflesecurity/overseer v1.2
99
// Coinbase archived this library and it has some vulnerable dependencies so we've forked.
1010
replace github.com/coinbase/waas-client-library-go => github.com/trufflesecurity/waas-client-library-go v1.0.9
1111

12+
// TODO: v1.134.0 is available but deprecates existing Auth methods, should be updated separately
13+
replace gitlab.com/gitlab-org/api/client-go => gitlab.com/gitlab-org/api/client-go v0.129.0
14+
1215
require (
13-
cloud.google.com/go/secretmanager v1.14.7
14-
cloud.google.com/go/storage v1.50.0
16+
cloud.google.com/go/secretmanager v1.15.0
17+
cloud.google.com/go/storage v1.56.0
1518
github.com/BobuSumisu/aho-corasick v1.0.3
1619
github.com/TheZeroSlave/zapsentry v1.23.0
1720
github.com/adrg/strutil v0.3.1
1821
github.com/alecthomas/kingpin/v2 v2.4.0
1922
github.com/avast/apkparser v0.0.0-20250626104540-d53391f4d69d
20-
github.com/aws/aws-sdk-go-v2 v1.36.5
21-
github.com/aws/aws-sdk-go-v2/config v1.29.17
22-
github.com/aws/aws-sdk-go-v2/credentials v1.17.70
23-
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.83
24-
github.com/aws/aws-sdk-go-v2/service/s3 v1.83.0
25-
github.com/aws/aws-sdk-go-v2/service/sns v1.34.7
26-
github.com/aws/aws-sdk-go-v2/service/sts v1.34.0
27-
github.com/aws/smithy-go v1.22.4
23+
github.com/aws/aws-sdk-go-v2 v1.36.6
24+
github.com/aws/aws-sdk-go-v2/config v1.29.18
25+
github.com/aws/aws-sdk-go-v2/credentials v1.17.71
26+
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.85
27+
github.com/aws/aws-sdk-go-v2/service/s3 v1.84.1
28+
github.com/aws/aws-sdk-go-v2/service/sns v1.34.8
29+
github.com/aws/aws-sdk-go-v2/service/sts v1.34.1
30+
github.com/aws/smithy-go v1.22.5
2831
github.com/aymanbagabas/go-osc52 v1.2.1
2932
github.com/bill-rich/go-syslog v0.0.0-20220413021637-49edb52a574c
3033
github.com/bitfinexcom/bitfinex-api-go v0.0.0-20210608095005-9e0b26f200fb
3134
github.com/bradleyfalzon/ghinstallation/v2 v2.14.0
32-
github.com/brianvoe/gofakeit/v7 v7.2.1
35+
github.com/brianvoe/gofakeit/v7 v7.3.0
3336
github.com/charmbracelet/bubbles v0.18.0
3437
github.com/charmbracelet/bubbletea v1.3.6
3538
github.com/charmbracelet/glamour v0.7.0
3639
github.com/charmbracelet/lipgloss v1.1.0
3740
github.com/coinbase/waas-client-library-go v1.0.8
38-
github.com/couchbase/gocb/v2 v2.10.0
41+
github.com/couchbase/gocb/v2 v2.10.1
3942
github.com/crewjam/rfc5424 v0.1.0
4043
github.com/csnewman/dextk v0.3.0
44+
github.com/docker/docker v28.2.2+incompatible
4145
github.com/dustin/go-humanize v1.0.1
4246
github.com/elastic/go-elasticsearch/v8 v8.17.1
4347
github.com/envoyproxy/protoc-gen-validate v1.2.1
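Review bot: the `replace gitlab.com/gitlab-org/api/client-go => gitlab.com/gitlab-org/api/client-go v0.129.0` added at new lines 12-13 carries a TODO with no issue or owner attached, so nothing tracks the move off the deprecated Auth methods. A `replace` is honoured only when this module is the main module, so anyone importing this code as a library will not get the pin. Suggest linking a tracking issue in the comment and naming the Auth methods that are affected.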
@@ -53,12 +57,12 @@ require (
5357
github.com/go-redis/redis v6.15.9+incompatible
5458
github.com/go-sql-driver/mysql v1.8.1
5559
github.com/gobwas/glob v0.2.3
56-
github.com/golang-jwt/jwt/v5 v5.2.2
60+
github.com/golang-jwt/jwt/v5 v5.2.3
5761
github.com/google/go-cmp v0.7.0
5862
github.com/google/go-containerregistry v0.20.6
5963
github.com/google/go-github/v67 v67.0.0
6064
github.com/google/uuid v1.6.0
61-
github.com/googleapis/gax-go/v2 v2.14.2
65+
github.com/googleapis/gax-go/v2 v2.15.0
6266
github.com/hashicorp/go-retryablehttp v0.7.8
6367
github.com/hashicorp/golang-lru/v2 v2.0.7
6468
github.com/jedib0t/go-pretty/v6 v6.6.7
@@ -98,18 +102,18 @@ require (
98102
github.com/trufflesecurity/disk-buffer-reader v0.2.1
99103
github.com/wasilibs/go-re2 v1.9.0
100104
github.com/xo/dburl v0.23.8
101-
gitlab.com/gitlab-org/api/client-go v0.127.0
105+
gitlab.com/gitlab-org/api/client-go v0.129.0
102106
go.mongodb.org/mongo-driver v1.17.4
103107
go.uber.org/automaxprocs v1.6.0
104108
go.uber.org/mock v0.5.2
105109
go.uber.org/zap v1.27.0
106-
golang.org/x/crypto v0.39.0
107-
golang.org/x/net v0.41.0
110+
golang.org/x/crypto v0.40.0
111+
golang.org/x/net v0.42.0
108112
golang.org/x/oauth2 v0.30.0
109-
golang.org/x/sync v0.15.0
110-
golang.org/x/text v0.26.0
111-
golang.org/x/time v0.11.0
112-
google.golang.org/api v0.232.0
113+
golang.org/x/sync v0.16.0
114+
golang.org/x/text v0.27.0
115+
golang.org/x/time v0.12.0
116+
google.golang.org/api v0.243.0
113117
google.golang.org/protobuf v1.36.6
114118
gopkg.in/h2non/gock.v1 v1.1.2
115119
gopkg.in/yaml.v2 v2.4.0
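Review bot: the bump to `gitlab.com/gitlab-org/api/client-go v0.129.0` at new line 105 is the same version the `replace` at new line 13 forces, and while that `replace` exists any later change to this require line will not change what is built. Suggest a trailing comment here pointing at the replace, so a future version bump on this line does not pass review without having any effect.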
@@ -120,9 +124,9 @@ require (
120124
)
121125

122126
require (
123-
cel.dev/expr v0.20.0 // indirect
124-
cloud.google.com/go v0.120.0 // indirect
125-
cloud.google.com/go/auth v0.16.1 // indirect
127+
cel.dev/expr v0.24.0 // indirect
128+
cloud.google.com/go v0.121.4 // indirect
129+
cloud.google.com/go/auth v0.16.3 // indirect
126130
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
127131
cloud.google.com/go/compute/metadata v0.7.0 // indirect
128132
cloud.google.com/go/iam v1.5.2 // indirect
@@ -135,9 +139,9 @@ require (
135139
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
136140
github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect
137141
github.com/DataDog/zstd v1.5.5 // indirect
138-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.26.0 // indirect
139-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.50.0 // indirect
140-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.50.0 // indirect
142+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 // indirect
143+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0 // indirect
144+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0 // indirect
141145
github.com/Microsoft/go-winio v0.6.2 // indirect
142146
github.com/ProtonMail/go-crypto v1.1.5 // indirect
143147
github.com/STARRY-S/zip v0.2.1 // indirect
@@ -146,17 +150,17 @@ require (
146150
github.com/andybalholm/brotli v1.1.1 // indirect
147151
github.com/atotto/clipboard v0.1.4 // indirect
148152
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.11 // indirect
149-
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32 // indirect
150-
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36 // indirect
151-
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36 // indirect
153+
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.33 // indirect
154+
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.37 // indirect
155+
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.37 // indirect
152156
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
153-
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.36 // indirect
157+
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.37 // indirect
154158
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 // indirect
155-
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.4 // indirect
156-
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.17 // indirect
157-
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.17 // indirect
158-
github.com/aws/aws-sdk-go-v2/service/sso v1.25.5 // indirect
159-
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3 // indirect
159+
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.5 // indirect
160+
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.18 // indirect
161+
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.18 // indirect
162+
github.com/aws/aws-sdk-go-v2/service/sso v1.25.6 // indirect
163+
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.4 // indirect
160164
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
161165
github.com/aymerick/douceur v0.2.0 // indirect
162166
github.com/beorn7/perks v1.0.1 // indirect
@@ -170,13 +174,13 @@ require (
170174
github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd // indirect
171175
github.com/charmbracelet/x/term v0.2.1 // indirect
172176
github.com/cloudflare/circl v1.3.8 // indirect
173-
github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42 // indirect
177+
github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect
174178
github.com/containerd/errdefs v1.0.0 // indirect
175179
github.com/containerd/errdefs/pkg v0.3.0 // indirect
176180
github.com/containerd/log v0.1.0 // indirect
177181
github.com/containerd/platforms v0.2.1 // indirect
178182
github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
179-
github.com/couchbase/gocbcore/v10 v10.7.0 // indirect
183+
github.com/couchbase/gocbcore/v10 v10.7.1 // indirect
180184
github.com/couchbase/gocbcoreps v0.1.3 // indirect
181185
github.com/couchbase/goprotostellar v1.0.2 // indirect
182186
github.com/couchbaselabs/gocbconnstr/v2 v2.0.0-20240607131231-fb385523de28 // indirect
@@ -187,7 +191,6 @@ require (
187191
github.com/dlclark/regexp2 v1.4.0 // indirect
188192
github.com/docker/cli v28.2.2+incompatible // indirect
189193
github.com/docker/distribution v2.8.3+incompatible // indirect
190-
github.com/docker/docker v28.2.2+incompatible // indirect
191194
github.com/docker/docker-credential-helpers v0.9.3 // indirect
192195
github.com/docker/go-connections v0.5.0 // indirect
193196
github.com/docker/go-units v0.5.0 // indirect
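Review bot: `github.com/docker/docker v28.2.2+incompatible` leaves the indirect block here (old line 190) and becomes a direct requirement at new line 44, while `github.com/docker/cli v28.2.2+incompatible` stays indirect at new line 192. The two are at the same version today, but nothing in go.mod keeps them in step, so a later bump of the direct requirement alone can leave them mismatched. Worth a short comment beside the direct requirement, or a note to bump both together.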
@@ -201,7 +204,7 @@ require (
201204
github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
202205
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
203206
github.com/go-git/go-billy/v5 v5.6.2 // indirect
204-
github.com/go-jose/go-jose/v4 v4.0.4 // indirect
207+
github.com/go-jose/go-jose/v4 v4.0.5 // indirect
205208
github.com/go-logr/stdr v1.2.2 // indirect
206209
github.com/go-ole/go-ole v1.2.6 // indirect
207210
github.com/gofrs/flock v0.12.1 // indirect
@@ -298,8 +301,8 @@ require (
298301
github.com/zeebo/errs v1.4.0 // indirect
299302
go.einride.tech/aip v0.60.0 // indirect
300303
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
301-
go.opentelemetry.io/contrib/detectors/gcp v1.34.0 // indirect
302-
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
304+
go.opentelemetry.io/contrib/detectors/gcp v1.36.0 // indirect
305+
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
303306
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
304307
go.opentelemetry.io/otel v1.36.0 // indirect
305308
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 // indirect
@@ -311,13 +314,13 @@ require (
311314
go4.org v0.0.0-20230225012048-214862532bf5 // indirect
312315
golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect
313316
golang.org/x/mod v0.25.0 // indirect
314-
golang.org/x/sys v0.33.0 // indirect
315-
golang.org/x/term v0.32.0 // indirect
317+
golang.org/x/sys v0.34.0 // indirect
318+
golang.org/x/term v0.33.0 // indirect
316319
golang.org/x/tools v0.34.0 // indirect
317-
google.golang.org/genproto v0.0.0-20250505200425-f936aa4a68b2 // indirect
318-
google.golang.org/genproto/googleapis/api v0.0.0-20250505200425-f936aa4a68b2 // indirect
319-
google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2 // indirect
320-
google.golang.org/grpc v1.72.0 // indirect
320+
google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect
321+
google.golang.org/genproto/googleapis/api v0.0.0-20250721164621-a45f3dfb1074 // indirect
322+
google.golang.org/genproto/googleapis/rpc v0.0.0-20250721164621-a45f3dfb1074 // indirect
323+
google.golang.org/grpc v1.74.2 // indirect
321324
gopkg.in/warnings.v0 v0.1.2 // indirect
322325
pault.ag/go/topsort v0.1.1 // indirect
323326
)
