Technology Radar
Published : Apr 26, 2023
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Understand more
Apr 2023
Trial
TruffleHog 是一款开源的静态应用程序安全测试工具(static application security testing,SAST),用于在各类源码中检测密钥信息。除了对 GitHub 和 GitLab 等最为常见的代码仓库进行扫描,TruffleHog 还能扫描 S3 和 GCS 等云存储桶、本地文件、本地目录以及 CircleCI 日志。开发人员可以将 TruffleHog 配置为 pre-commit hook 脚本,也可以直接使用它扫描一个 GitHub 组织的全部代码仓库历史记录。TruffleHog 支持自定义的正则语句模版,即使在当前的 alpha 阶段,该功能也十分易用。虽然 TruffleHog 有企业版本,但是我们发现开源版本的 TruffleHog 更易于配置和使用,并且覆盖了绝大多数的常见场景。TruffleHog 拥有一个非常活跃的社区,时不时就会有新的功能更新。
