Commit

added ci scanning info to readme (trufflesecurity#2126)
* added ci scanning info to readme

* updates to ci details
joeleonjr authored Nov 28, 2023
1 parent 78219a2 commit 1759f09
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions README.md
Expand Up @@ -196,6 +196,14 @@ Use the `--image` flag multiple times to scan multiple images.
trufflehog docker --image trufflesecurity/secrets --only-verified
```

## 11: Scan in CI

Set the `--since-commit` flag to your default branch that people merge into (ex: "main"). Set the `--branch` flag to your PR's branch name (ex: "feature-1"). Depending on the CI/CD platform you use, this value can be pulled in dynamically (ex: [CIRCLE_BRANCH in Circle CI](https://circleci.com/docs/variables/) and [TRAVIS_PULL_REQUEST_BRANCH in Travis CI](https://docs.travis-ci.com/user/environment-variables/)). If the repo is cloned and the target branch is already checked out during the CI/CD workflow, then `--branch HEAD` should be sufficient. The `--fail` flag will return an 183 error code if valid credentials are found.

```bash
trufflehog git file://. --since-commit main --branch feature-1 --only-verified --fail
```

# :question: FAQ

- All I see is `πŸ·πŸ”‘πŸ· TruffleHog. Unearth your secrets. πŸ·πŸ”‘πŸ·` and the program exits, what gives?
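Review bot: in the added "Scan in CI" paragraph, the `--fail` sentence ("will return an 183 error code if valid credentials are found") is never tied to the `--only-verified` flag that the example command passes, so a reader cannot tell which findings actually fail the build. Suggest naming `--only-verified` in the paragraph and stating the failure condition in terms of it, and rewording to "a 183 exit code". The paragraph also tells the reader to set `--since-commit` to a branch name such as "main"; since the flag name suggests a commit, a clause saying that a branch name is accepted there would avoid confusion. Finally, the `--branch HEAD` shortcut is described for a checkout where the target branch is already present, but the paragraph does not say whether `main` must also exist in the CI checkout for `--since-commit main` to resolve, which is worth one sentence.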
