Tartufo will, by default, scan the entire history of a git repository for any text which looks like a secret, password, credential, etc. It can also be made to work in pre-commit mode, for scanning blobs of text as a pre-commit hook.
tartufo [OPTIONS] COMMAND [ARGS]...
Options

--default-regexes, --no-default-regexes
    Whether to include the default regex list when configuring search patterns. Only applicable if --rules is also specified.
    Default: True

--entropy, --no-entropy
    Enable entropy checks.
    Default: True

--regex, --no-regex
    Enable high-signal regex checks.
    Default: True

--scan-filenames, --no-scan-filenames
    Check the names of files being scanned as well as their contents.
    Default: True

-of, --output-format <output_format>
    Specify the format in which the output needs to be generated: --output-format json/compact/text. Either json, compact or text can be specified. If not provided (default), the output will be generated in text format.
    Options: json | compact | text | report

-od, --output-dir <output_dir>
    If specified, all issues will be written out as individual JSON files to a uniquely named directory under this one. This helps keep the results of individual runs of tartufo separated.

-td, --temp-dir <temp_dir>
    If specified, temporary files will be written to the specified path.

--buffer-size <buffer_size>
    Maximum number of issues to buffer in memory before shifting to temporary file buffering.
    Default: 10000

--git-rules-repo <git_rules_repo>
    A file path, or git URL, pointing to a git repository containing regex rules to be used for scanning.
    By default, all .json files will be loaded from the root of that repository. --git-rules-files can be used to override this behavior and load specific files.

--git-rules-files <git_rules_files>
    Used in conjunction with --git-rules-repo; specifies glob-style patterns for files from which to load the regex rules. Can be specified multiple times.

--config <config>
    Read configuration from the specified file. [default: tartufo.toml]

-q, --quiet, --no-quiet
    Quiet mode. No output is reported if the scan is successful and doesn't find any issues.

-v, --verbose
    Display more verbose output. Specifying this option multiple times will incrementally increase the amount of output.

--log-timestamps, --no-log-timestamps
    Enable or disable timestamps in logging messages.
    Default: True

--entropy-sensitivity <entropy_sensitivity>
    Modify entropy detection sensitivity. This is expressed on a scale of 0 to 100, where 0 means "totally nonrandom" and 100 means "totally random".
    Decreasing the scanner's sensitivity increases the likelihood that a given string will be identified as suspicious.
    Default: 75