- 14 Aug 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
TruffleHog
- Updated on 14 Aug 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
TruffleHog is a security tool that scans code repositories for vulnerabilities related to secret keys, such as private encryption keys and passwords.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Secrets
Parameters
Host Name or IP Address (required) - The hostname or IP address of the TruffleHog server.
API Key (required) - An API Key associated with a user account that has permissions to fetch assets.
API Secret (optional) - The API Key secret displayed when the API key is created.
Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters.
- Fetch only verified secrets (default: true) - By default, Axonius fetches only verified secrets. Clear this option to fetch all secrets.
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
APIs
Refer to the TruffleHog documentation.
Supported From Version
Supported from Axonius version 6.0