techservicesillinois/secdev-robot

Run a secret finder on secdev-robot

Closed this issue · 5 comments

cd c:\src
git clone git@github.com:techservicesillinois/secdev-robot.git
docker run -v /c/src:/etc/src dxa4481/trufflehog /etc/src/secdev-robot

I would run this now, but I broke my Docker when setting up for SANS training.

@edthedev , I am trying to run
docker run -v /c/src:/etc/src dxa4481/trufflehog /etc/src/secdev-robot
but I am getting no output - does that mean that it is finding nothing, or that it is running incorrectly?

[1:36 PM] Delaporte, Edward Charles
Oh, just passing --verbose may give much better output.
[1:36 PM] Delaporte, Edward Charles
I imagine it might follow a unix "any output is failure" style by default. Some build system tools do.
[1:37 PM] Delaporte, Edward Charles
Or --render-html will actually output a whole HTML file to read.
[1:37 PM] Delaporte, Edward Charles
That, I expect, will output a file even if there are no findings.
https://teams.microsoft.com/l/message/19:9bffddcde9924ba7ad2d45b394052b45@thread.skype/1620758174615?tenantId=44467e6f-462c-4ea2-823f-7800de5434e3&groupId=293d6f51-9166-4f6f-b6cd-f3335c630c02&parentMessageId=1620757721818&teamName=PrivSec&channelName=SecDevOps&createdTime=1620758174615

@edthedev , after your suggestion of installing and using trufflehog3 ( https://github.com/feeltheajf/truffleHog3 ), I did the following:

  1. Install truffleHog3
    python -m pip install truffleHog3

  2. Run truffleHog3 and make output appear in HTML formatting.
    python -m truffleHog3 -f html -o secdev-robot.html secdev-robot
    Note: This version, and the older version mentioned above, do not provide output by default unless there are issues (verbose does not correct this).
    However, truffleHog3 has the option for an HTML output file with formatting, that will show information even if there are no errors, etc.

Using this, I did not see any errors appear, and the code passed.

Huzzah!! 🎉🎂
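As an added example (not code from this issue or from the secdev-robot project), here is a small POSIX shell wrapper around the truffleHog3 invocation used above that makes the "no output" case unambiguous: it fails loudly if the scanner exits non-zero or writes no report, and otherwise points at the HTML report, which the thread notes is written even when there are zero findings. The return codes and the `run_scanner` indirection are this example's own conventions, not truffleHog3's; the scanner command inside `run_scanner` is assumed to be the one from the thread.

```shell
#!/bin/sh
# Added example: wrap a secret scan so that "no output" cannot be mistaken
# for "no findings". Assumes the truffleHog3 command used in the thread:
#   python -m truffleHog3 -f html -o REPORT REPO
# The verdict codes below are this wrapper's own convention.
set -u

# The scanner itself, kept in one place so it can be swapped (for the docker
# image mentioned above, or for a stub when exercising the wrapper).
run_scanner() {
    repo=$1
    report=$2
    python -m truffleHog3 -f html -o "$report" "$repo"
}

# scan_repo REPO REPORT
# Return codes (ours, not the scanner's):
#   0  scanner exited 0 and wrote a non-empty report: the scan actually ran
#   2  scanner exited non-zero: it did not complete (missing module, bad path, ...)
#   3  scanner exited 0 but no report appeared: treat as a failure, not as "clean"
scan_repo() {
    repo=$1
    report=$2
    rm -f "$report"          # never let a stale report pass as a fresh result
    run_scanner "$repo" "$report"
    status=$?
    if [ "$status" -ne 0 ]; then
        echo "scanner failed (exit $status) while scanning $repo" >&2
        return 2
    fi
    if [ ! -s "$report" ]; then
        echo "scanner exited 0 but wrote no report to $report" >&2
        return 3
    fi
    echo "scan of $repo completed; review $report (written even with zero findings)"
    return 0
}

# Usage: ./scan.sh path/to/secdev-robot [report.html]
if [ $# -ge 1 ]; then
    scan_repo "$1" "${2:-secdev-robot.html}"
fi
```

The point of the wrapper is that a silent scanner is only trustworthy when you also check its exit status and that the artifact it promised exists; a CI job that greps stdout for findings would pass equally well on a scanner that never started.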