Add support for .trufflehogignore file #2687

Open
kvanzuijlen opened this issue Apr 9, 2024 · 1 comment

@kvanzuijlen
Please review the Community Note before submitting

Description

It'd be nice to have support for a .trufflehogignore file. In this file you could add "fingerprints"/trufflehog JSON output of secret findings that are either false positives or have been rotated previously. This way you won't have to rebase the entire repository and still be able to ignore findings that have already been resolved. I think this would be a nice alternative to rebasing the repository, as rotated/false positive secrets are not problematic if they stay in the repository IMO.

Preferred Solution

A .trufflehogignore file containing either fingerprints (hashes of the findings) or the JSON output of findings.

Additional Context

I'd be willing to work on this; I'd like to hear what the contents of the .trufflehogignore file should be.

References

@CameronLonsdale
Would be nice. I have a jank wrapper which SHA256s the secret and checks if it's in a list of hashes I maintain for secrets which are fine to ignore before I process the output from trufflehog.
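
The kind of wrapper described in the comment above, sketched as an added example (not part of the original thread and not the commenter's or the project's code). It assumes findings arrive as one JSON object per line with the secret in a `Raw` field and a boolean `Verified` field; the ignore-list format and the rule that a verified finding is never suppressed are choices made for this example.

```python
import hashlib
import json

def secret_digest(secret):
    """Hex SHA-256 of the raw secret; only this digest goes in the ignore list."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()

def load_ignore_hashes(lines):
    """One hex digest per line; blank lines and '#' comments are allowed."""
    hashes = set()
    for line in lines:
        entry = line.split("#", 1)[0].strip().lower()
        if not entry:
            continue
        if len(entry) != 64 or set(entry) - set("0123456789abcdef"):
            raise ValueError(f"not a SHA-256 hex digest: {entry!r}")
        hashes.add(entry)
    return hashes

def filter_findings(json_lines, ignore_hashes):
    """Split scanner output lines into (kept, ignored) findings."""
    # Ignore only when the digest is listed AND the finding is unverified:
    # a listed secret that still verifies was not actually rotated.
    kept, ignored = [], []
    for line in json_lines:
        try:
            finding = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or non-JSON line, not a finding
        if not isinstance(finding, dict):
            continue
        raw = finding.get("Raw")  # assumed name of the field holding the secret
        listed = isinstance(raw, str) and secret_digest(raw) in ignore_hashes
        if listed and not finding.get("Verified", False):
            ignored.append(finding)
        else:
            kept.append(finding)
    return kept, ignored

# Constructed sample data (made-up secrets, not real scanner output).
SAMPLE_OUTPUT = [
    '{"DetectorName": "Example", "Verified": false, "Raw": "example-rotated-token-1"}',
    '{"DetectorName": "Example", "Verified": false, "Raw": "example-unlisted-token-2"}',
    '{"DetectorName": "Example", "Verified": true, "Raw": "example-still-live-token-3"}',
]
SAMPLE_IGNORE = [
    secret_digest("example-rotated-token-1"),
    secret_digest("example-still-live-token-3") + "  # claimed rotated",
]
```

Storing digests keeps the plaintext out of the ignore file, but an unsalted hash of a low-entropy secret can still be guessed from its digest.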
