From 10a8ee47cd7c4a1bf86d9118498fc1247cfefa34 Mon Sep 17 00:00:00 2001
From: Kristian Bremberg <114284895+KristianGrafana@users.noreply.github.com>
Date: Wed, 14 May 2025 15:32:59 +0200
Subject: [PATCH 1/5] Create trufflehog precommit
---
 pre-commit/trufflehog.sh | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 pre-commit/trufflehog.sh
diff --git a/pre-commit/trufflehog.sh b/pre-commit/trufflehog.sh
new file mode 100644
index 0000000..c350b4f
--- /dev/null
+++ b/pre-commit/trufflehog.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+# vim: ai:ts=8:sw=8:noet
+set -euo pipefail
+
+# renovate: datasource=docker depName=trufflesecurity/trufflehog
+TRUFFLEHOG_DEFAULT_VERSION="3.88.29@sha256:6375b4dd7d045656bf78f52ac5a6e992eff344da9def96f0953cda26f791ffb7"
+TRUFFLEHOG_VERSION="${TRUFFLEHOG_VERSION:-${TRUFFLEHOG_DEFAULT_VERSION}}"
+
+docker \
+ run \
+ --volume "$(pwd):/workdir" \
+ --interactive \
+ --rm \
+ "trufflesecurity/trufflehog:$TRUFFLEHOG_VERSION" \
+ git \
+ file:///workdir \
+ --since-commit HEAD \
+ --results=verified,unknown \
+ --fail
From da8c126ccb703d346193ca6e2ecf7a57cf45c7c8 Mon Sep 17 00:00:00 2001
From: Kristian Bremberg <114284895+KristianGrafana@users.noreply.github.com>
Date: Wed, 14 May 2025 15:35:13 +0200
Subject: [PATCH 2/5] Create .pre-commit-hooks.yaml
---
 .pre-commit-hooks.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 .pre-commit-hooks.yaml
diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
new file mode 100644
index 0000000..49e0a59
--- /dev/null
+++ b/.pre-commit-hooks.yaml
@@ -0,0 +1,8 @@
+- id: trufflehog
+ name: TruffleHog
+ language: script
+ entry: pre-commit/trufflehog.sh
+ stages:
+ - pre-commit
+ - pre-push
+ types: [text]
From 9cd5bbbe00d686718dd5d431ae4091a85d216b21 Mon Sep 17 00:00:00 2001
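Review bot: In pre-commit/trufflehog.sh (patch 1/5) the digest pin in `TRUFFLEHOG_DEFAULT_VERSION` is bypassed by whatever `TRUFFLEHOG_VERSION` holds in the caller's environment, so a mutable tag can replace the pinned image without any notice. I would either document that next to the assignment, `# Overrides must keep an @sha256: digest; a bare tag is mutable.`, or enforce it before the `docker` call with `[[ "$TRUFFLEHOG_VERSION" == *@sha256:* ]] || { echo "TRUFFLEHOG_VERSION must include a digest" >&2; exit 1; }`. The bind mount on the `--volume` line is also read-write; `--volume "$(pwd):/workdir:ro"` would limit what the container can change in the developer's checkout, but that needs testing, since this hunk does not show whether TruffleHog writes into the repository it scans.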
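Review bot: The hook entry in .pre-commit-hooks.yaml (patch 2/5) does not set `pass_filenames: false`, although pre-commit/trufflehog.sh reads no arguments and scans the repository itself. With the default, pre-commit appends the staged file names and may split them across several invocations, so one commit can start more than one container running the same scan; adding `pass_filenames: false` after `entry:` avoids that. It is also worth confirming what the `pre-push` stage actually covers, because `--since-commit HEAD` in the script appears to look only at changes after HEAD, while the commits being pushed are at or before it.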
From: Kristian Bremberg <`md5sum1337`>
Date: Wed, 14 May 2025 16:13:56 +0200
Subject: [PATCH 3/5] make exec and remove logging
---
 pre-commit/trufflehog.sh | 1 +
 1 file changed, 1 insertion(+)
 mode change 100644 => 100755 pre-commit/trufflehog.sh
diff --git a/pre-commit/trufflehog.sh b/pre-commit/trufflehog.sh
old mode 100644
new mode 100755
index c350b4f..2656d8c
--- a/pre-commit/trufflehog.sh
+++ b/pre-commit/trufflehog.sh
@@ -16,4 +16,5 @@ docker \
 file:///workdir \
 --since-commit HEAD \
 --results=verified,unknown \
+ --log-level=-1\
 --fail
From fba57c0a59acde61c63ed533998594c1803265ab Mon Sep 17 00:00:00 2001
From: Kristian Bremberg <`md5sum1337`>
Date: Wed, 14 May 2025 16:15:26 +0200
Subject: [PATCH 4/5] add pre commit config
---
 .pre-commit-config.yaml | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .pre-commit-config.yaml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..b7d8994
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,5 @@
+repos:
+ - repo: https://github.com/grafana/security-github-actions
+ rev: main
+ hooks:
+ - id: trufflehog
From 02c3c2efdb2db423051430db597e193c6f1c1588 Mon Sep 17 00:00:00 2001
From: Kristian Bremberg <114284895+KristianGrafana@users.noreply.github.com>
Date: Wed, 14 May 2025 16:16:30 +0200
Subject: [PATCH 5/5] Update trufflehog.sh
---
 pre-commit/trufflehog.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pre-commit/trufflehog.sh b/pre-commit/trufflehog.sh
index 2656d8c..eff4028 100755
--- a/pre-commit/trufflehog.sh
+++ b/pre-commit/trufflehog.sh
@@ -16,5 +16,5 @@ docker \
 file:///workdir \
 --since-commit HEAD \
 --results=verified,unknown \
- --log-level=-1\
+ --log-level=-1 \
 --fail
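Review bot: In patch 3/5 the added `--log-level=-1` carries no comment and no way to turn logging back on, and as far as I know that value disables TruffleHog's logging completely. A failure of the scan itself (for example an unreadable mount or repository) would then fail the hook with little or no explanation, which makes it more likely that the hook gets skipped rather than fixed. I would make the level overridable, `--log-level="${TRUFFLEHOG_LOG_LEVEL:--1}" \`, and put `# Logging is off by default so hook output shows only findings; set TRUFFLEHOG_LOG_LEVEL=0 to debug.` above the `docker` command, since a comment inside the continued line would break it. Patch 5/5 touches the same line only to add the missing space before the backslash, and both hunks show just the tail of the `docker` invocation.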
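Review bot: `rev: main` in .pre-commit-config.yaml (patch 4/5) points the hook at a mutable branch, so the script that runs on each commit is whatever `main` held when pre-commit first cloned it, which is neither reproducible nor reviewed when it changes. pre-commit warns about mutable revs for this reason; pin a tag or a full commit SHA instead, e.g. `rev: <full-commit-sha>  # placeholder: pin to a reviewed commit`, and let Renovate or `pre-commit autoupdate` move it. Since this config appears to live in the same repository that defines the hook, a `repo: local` hook with `entry: pre-commit/trufflehog.sh` would also exercise the working-tree version of the script rather than the published one.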