The current version (v3.44.0) does not support pre-receive hooks at all. go-git and the git utility don't see incoming commits. go-git cannot do it due to an upstream bug (go-git/go-git#812), while git needs special environment variables.
Problem to be Addressed
Pre-receive hooks are a nice way to improve security proactively.
Description of the Preferred Solution
I have prepared an initial fix, #1499, which allows the use of Trufflehog in pre-receive hooks. However, the functionality is still limited.
There are a few problems:
The hook needs to scan only new commits. The --since-commit and --branch options allow scanning a specific range, but in some cases, commits have already been scanned when they were pushed to other branches. Usually, people use the --not --all flags with the git rev-list command to avoid this. So an easy fix would be to add an option that allows supplying Trufflehog with a list of commits that need to be scanned.
Trufflehog should have an option with more compact output.
Probably it should also have an option to disable the verification mechanism, otherwise it will time out in internet-restricted environments.
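The `git rev-list ... --not --all` approach mentioned in the issue, written out as an added example (not TruffleHog code and not part of the original post): a pre-receive helper that turns the hook's stdin into the list of commits no existing ref already contains. The function names are hypothetical, and how the list is passed to the scanner is left open because the issue states that no such option exists yet.

```shell
#!/bin/sh
# Added example (not TruffleHog code): list only the commits a push introduces.
# Function names are hypothetical.

# is_zero_oid OID: true when OID is all zeros (marks ref creation or deletion).
is_zero_oid() {
    case "$1" in
        ''|*[!0]*) return 1 ;;
        *) return 0 ;;
    esac
}

# pushed_tips: read pre-receive input lines "<old> <new> <ref>" from stdin and
# print the new tip of every ref that is created or updated.
pushed_tips() {
    while read -r old new ref; do
        [ -n "$ref" ] || continue                      # malformed line
        case "$new" in *[!0-9a-f]*) continue ;; esac   # not a hex object id
        is_zero_oid "$new" && continue                 # deletion: nothing to scan
        printf '%s\n' "$new"
    done
}

# new_commits: print commits reachable from the pushed tips but from no
# existing ref. While pre-receive runs the refs are not updated yet, so
# "--not --all" drops everything the repository already has, including
# commits that were pushed earlier to another branch.
new_commits() {
    tips=$(pushed_tips)
    [ -n "$tips" ] || return 0
    # One argument per tip is intended, so $tips stays unquoted.
    # git started from the hook inherits the environment receive-pack set up,
    # which is what lets rev-list see the incoming objects.
    git rev-list $tips --not --all
}

# Run only when this file is installed as hooks/pre-receive.
case "$0" in
    *pre-receive)
        new_commits || exit 1
        ;;
esac
```
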