Closed edthedev closed 3 years ago
I would run this now, but I broke my Docker when setting up for SANS training.
@edthedev, I am trying to run
docker run -v /c/src:/etc/src dxa4481/trufflehog /etc/src/secdev-robot
but I am getting no output - does that mean that it is finding nothing, or that it is running incorrectly?
[1:36 PM] Delaporte, Edward Charles
Oh, just passing --verbose may give much better output.

[1:36 PM] Delaporte, Edward Charles
I imagine it might follow a Unix "any output is failure" style by default. Some build system tools do.

[1:37 PM] Delaporte, Edward Charles
Or --render-html will actually output a whole HTML file to read.

[1:37 PM] Delaporte, Edward Charles
That, I expect, will output a file even if there are no findings.

https://teams.microsoft.com/l/message/19:9bffddcde9924ba7ad2d45b394052b45@thread.skype/1620758174615?tenantId=44467e6f-462c-4ea2-823f-7800de5434e3&groupId=293d6f51-9166-4f6f-b6cd-f3335c630c02&parentMessageId=1620757721818&teamName=PrivSec&channelName=SecDevOps&createdTime=1620758174615
@edthedev, after your suggestion of installing and using truffleHog3 (https://github.com/feeltheajf/truffleHog3), I did the following:
1) Install truffleHog3
python -m pip install truffleHog3
2) Run truffleHog3 and make output appear in HTML formatting.
python -m truffleHog3 -f html -o secdev-robot.html secdev-robot
Note: This version, and the older version mentioned above, do not provide output by default unless there are issues (verbose does not correct this).
However, truffleHog3 has the option for an HTML output file with formatting that will show information even if there are no errors, etc.
Using this, I did not see any errors appear, and the code passed.
Huzzah!! 🎉🎂