[HN Gopher] TruffleHog v3 - Detect and automatically verify over...
___________________________________________________________________
TruffleHog v3 - Detect and automatically verify over 600 credential
types
Author : riverdroid
Score : 55 points
Date : 2022-04-04 19:21 UTC (2 days ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| lol768 wrote:
| Note that v3 shifts to AGPL, from GPL in prior versions.
|
| Doesn't bother me personally, but I know a lot of companies won't
| touch AGPL'd projects with a bargepole so this probably worth
| bearing in mind.
| mdaniel wrote:
| then they must have rewritten the 2.0.97 tag from 2016 because
| it's AGPL also:
| https://github.com/trufflesecurity/trufflehog/blob/2.0.97/LI...
| cmeacham98 wrote:
| Github's identification is incorrect, the text is clearly the
| GPL and not AGPL. My guess is that github does its LICENSE-
| autodetect thing only on the default branch but displays it
| everywhere (this probably should be considered a bug?).
| mdaniel wrote:
| Gosh, I'm so sorry for spreading false information. Had
| that license widget not taken up so much screen real estate
| one might have had a fighting chance at spotting the error
| :-(
|
| I dread tracking down which issue in the GitHub org that
| belongs to
| atonse wrote:
| Is there a tool like this with a more permissive license?
| psanford wrote:
| There are a lot of secret detection tools out there. It
| probably is going to depend a lot on the specific features you
| care about. I personally really like shhgit[0] which is MIT
| licensed and is the tool I've found to most match my workflows.
|
| [0]: https://github.com/eth0izzle/shhgit
| beckler wrote:
| Gitleaks
___________________________________________________________________
(page generated 2022-04-06 23:01 UTC)