Tartufo will, by default, scan the entire history of a git repository for any text which looks like a secret, password, credential, etc. It can also be made to work in pre-commit mode, for scanning blobs of text as a pre-commit hook.
tartufo [OPTIONS] COMMAND [ARGS]...Options–default-regexes, –no-default-regexes
Whether to include the default regex list when configuring search patterns. Only applicable if –rules is also specified.Default
True–entropy, –no-entropy
Enable entropy checks.Default
True–regex, –no-regex
Enable high signal regexes checks.Default
True–scan-filenames, –no-scan-filenames
Check the names of files being scanned as well as their contents.Default
True-of, –output-format <output_format>
Specify the format in which the output needs to be generated –output-format json/compact/text. Either json, compact or text can be specified. If not provided (default) the output will be generated in text format.Options
json | compact | text | report-od, –output-dir <output_dir>
If specified, all issues will be written out as individual JSON files to a uniquely named directory under this one. This will help with keeping the results of individual runs of tartufo separated.-td, –temp-dir <temp_dir>
If specified, temporary files will be written to the specified path–buffer-size <buffer_size>
Maximum number of issue to buffer in memory before shifting to temporary file bufferingDefault
10000–git-rules-repo <git_rules_repo>
A file path, or git URL, pointing to a git repository containing regex rules to be used for scanning.
By default, all .json files will be loaded from the root of that repository. –git-rules-files can be used to override this behavior and load specific files.–git-rules-files <git_rules_files>
Used in conjunction with –git-rules-repo, specify glob-style patterns for files from which to load the regex rules. Can be specified multiple times.–config <config>
Read configuration from specified file. [default: tartufo.toml]-q, –quiet, –no-quiet
Quiet mode. No outputs are reported if the scan is successful and doesn’t find any issues-v, –verbose¶
Display more verbose output. Specifying this option multiple times will incrementally increase the amount of output.–log-timestamps, –no-log-timestamps
Enable or disable timestamps in logging messages.Default
True–entropy-sensitivity <entropy_sensitivity>
Modify entropy detection sensitivity. This is expressed as on a scale of 0 to 100, where 0 means “totally nonrandom” and 100 means “totally random”.
Decreasing the scanner’s sensitivity increases the likelihood that a given string will be identified as suspicious.Default
75
For more information click here.
Learning Without Walls Remote education has long been a lifeline for students in rural areas…
Have you ever come across a picture on the internet and wondered where it came…
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…