blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0

Enhancement: Trufflehog #1343

Closed domwhewell-sage closed 2 months ago

domwhewell-sage commented 2 months ago

This PR enhances the trufflehog module.

I have removed the filter_event so trufflehog now accepts all FILESYSTEM events; if they are not tagged with docker or git, it will use trufflehog's filesystem command against them.

FILESYSTEM events can have a description field, which allows the prior event to inject some extra context about what exactly the file is that's been downloaded and where it came from. git doesn't need this, as the repository URL is included in the trufflehog event (I presume it gets this from the .git file). But I have added it to the docker_pull event that's emitted, to give the user some extra context instead of "imagename_latest.tar had this plain-text credential".

I decided against de-duplicating the findings output by trufflehog inside this module, as we may lose some valuable data from other assets that are not workflow-logs. De-duplication of that should be done in that module.

Finally I have upped the version number of trufflehog to the latest.