trufflehog package no longer maintained #15
Comments
|
From the author of the package: TruffleHog v2 is about 2 or 3 years past EOL. TruffleHog v3 is written in Go, and not presently distributed on PyPi. You can download the latest release here: https://github.com/trufflesecurity/trufflehog/releases/tag/v3.64.0 Or pull from our docker register https://hub.docker.com/r/trufflesecurity/trufflehog/tags However please be aware the latest version is not 100% backwards compatible with V2, and it has a significant number of features that were added, most notably key verification (automatically trying to log in with the keys identified to confirm if they're still live). Another big change is, this project is no longer a research project, it's not fully supported by a company that was founded in 2021, backed by A16Z and has enterprise features and support available. |
|
Looks like TruffleHog v3 can just be run as a pre-commit hook anyway: |
Last version was released early Feb 2021 https://pypi.org/project/truffleHog/#history
The package depends on a version of gitpython containing a security vulnerability, which was flagged by s3proxy https://github.com/uktrade/s3proxy/security/dependabot/53
The text was updated successfully, but these errors were encountered: