This content originally appeared on DEV Community and was authored by antoine
Secret scanning using trufflehog
Trufflehog is a tool that can scan multiple sources (filesystem, git, have a pre commit hook, Postman), integrate in CI / Docker environment, etc… .
Easy start :
In the directory, with a docker daemon started
docker run --rm -it -v "${PWD}:/pwd" trufflesecurity/trufflehog filesystem /pwd
you will have a report with unverified result (probable issue), and confirmed issue.
This content originally appeared on DEV Community and was authored by antoine