Path to this page:
Subject: CVS commit: pkgsrc/security/trufflehog
From: Leonardo Taccari
Date: 2024-01-07 14:10:55
Message id: 20240107131056.04E15FA42@cvs.NetBSD.org
Log Message:
trufflehog: Update to 3.63.7
pkgsrc changes:
- Use a forked go-ps that supports NetBSD, from wip/flux2
Changes:
v3.63.7
* Add skip archive support
* Skip all binaries
v3.63.6
* Adds basic if/else check if pid slice is empty
* Avoid extraneous authentication attempts when verifying Snowflake
v3.63.5
* Update Freshworks verification to check for valid JSON response
* Enhance HuggingFace extra data
* Convert Shortcut detector to tri-state verification
* add secretID to chunk
v3.63.4
* Update GitLab v1 verification to check for valid JSON response
* Fix GitHub source showing 0 members
v3.63.3
* Deprecate some detectors
* Remove Java archives from ignored extensions
* Check private keys concurrently
* Use bad json in slackwebhooks
* Fix azurestorage detector
* fix and refactor browserstack detector
* Update metabase verification to check for a valid JSON response
v3.63.2
## Changelog
* skip files we can't scan
* Ignore images and binaries
v3.63.1
## Changelog
* fix nil map assignment
v3.63.0
## Changelog
* Add JSON tags to job metrics
* extract AWS account number from ID without verification
* Adding Sumo Logic how to rotate
* Added Replicate API token detector
* Added Ngrok API token detector
* Added v2 version for fullstory
* Add support for user:pass@host to postgres JDBC detector
* Add Overloop detector
* Added Request.Finance API token detector
* Created grafana service account detector
* Fixed zulipchat detector
* Added eventbrite detector
* logz.io detector
* Coda Detector
* Fix LiveAgent Detector & Verifier
* Pulling short lived AWS keys into their own thing
* Support multiple detectors per match
* Fix ScraperSite (deprecated)
* Fix PassBase (acquired, deprecated)
* Created Grafana Cloud API Key detector
* Fix/Deprecate Prospect.io
* Added resource type mapping to extraData in AWS
* Fix FakeJSON (deprecated)
* Adding Azure Container Registry Password Detector
* Fix SentimentInvestor (deprecated)
* Adding Azure Batch keys
v3.62.1
* Fix several detectors
* Support multiple custom detectors
* Centralize logic for checking archive extraction tools
v3.62.0
* Added LemonSqueezy API token detector
* Added Budibase API token detector
* Developed Deno Deploy Detector
* Added Stripo API token detector
* Added Reply.io API token detector
v3.61.0
* Fix/Remove Happi Detection & Verification
* Fix/Remove Flowdock detector
* Fix SurveyBot Verification
* Added BetterStack API token detector
* Added ZeroTier API token detector
* Added AppOptics API token detector
* Add Metabase Session Secret Detector
* Add Coinbase Wallet-as-a-Service detector
v3.60.4
* loggly detector
* Added OpenVPN API Detector
* Added Portainer Detector
* Fix/Remove baseapi detector (no longer exists)
* Added Vagrant Cloud Access Token Detector
* fixed monday.com regex
* Fix ScreenshotAPI Verification
* Fix MeaningCloud Verification
* Deprecate Glitterly
* Fix/Remove BlaBlaBus, API retired
* Fix/Remove QuickMetrics (shutdown)
* Fix/Remove DataFire, API retired
v3.60.3
* Fix CloudSmith verification
* NewRelic Detector -fallback to EU Api for verification
* Added PortainerToken Detector
v3.60.2
* Add Voiceflow detector
* Fix plaid.com API key detection
* Add Privacy.com API key detector
* Add ipinfo.io API key detector
* add IP2Location api key detector
* Fix SuperNotes API verification
* Add InstaMojo Payment Detector
* Fix CodeClimate verification
v3.60.1
* Bug fixes
v3.60.0
* Use placeholder as default if field left empty and is required
* add tristate verification to postman
* support insecure TLS for Jira and Jenkins
* add ramp.com client id & secret detector
* add anthropic api key detector
* fix notion.so false negative verification
* Add Klaviyo API Secret Detector
* added cody gateway token detection code
v3.59.0
* Bug fixes and documentation improvements
v3.58.0
* Added PR and Issue body scanning
* Added Web3 Storage detector
* Use S3 credentials waterfall
v3.57.0
* Bug fixes and improvements
v3.56.1
* Bug fixes and improvements
v3.56.0
* Implement Gitlab source validation
* Bug fixes and improvements
v3.55.1
* fix slackwebhook detector
* Add log verbosity
v3.55.0
* Improve private key detector
* Bug fixes and improvements
v3.54.4
* Validate s3 source
* Add Tailscale detector
* Retry AWS verification 403s
* Bug fixes and improvements
v3.54.3
* Bug fixes and improvements
v3.54.2
* Update to Go 1.21
* Bug fixes and improvements
v3.54.1
* Bug fixes and improvements
v3.54.0
* add snowflake detector
* Support azure git links
* Bug fixes and improvements
v3.53.0
* add rate limit and consumption metrics for GitHub
* Bug fixes and improvements
v3.52.1
* update test file
v3.52.0
* Bug fixes
v3.51.0
* Bug fixes
v3.50.0
* add salesforce detector
v3.49.0
* Docker scanning by digest
* add huggingface detector
v3.48.0
* Bug fixes and improvements
v3.47.0
* Github Oauth2 verification
* Add terminal UI
v3.46.3
* Bug fixes and improvements
v3.46.2
* Bug fixes and improvements
v3.46.1
* Bug fixes
v3.46.0
* Bug fixes and improvements
v3.45.3
* Add path (location of file) to Google Drive proto
* Bug fixes and improvements
v3.45.2
* Pass GitHub apiEndpoint for basic or no auth
* Improve log message when scanning GitHub comments
* Detect CosmoDB access keys
* Add azure repos protos
* add merge support
* Bug fixes and improvements
v3.45.1
* Bug fixes and improvements
v3.45.0
* add envoy api key scanner
* add couchbase scanner to defaults
* tweak jdbc redaction
* add thog enterprise detector for web keys
* add dockerhub scanner
* Bug fixes and improvements
v3.44.0
* Remove the Image4 detector
* scan GitHub PR and issue comments
* Dedupe results
* Bug fixes and improvements
v3.43.0
* Introduce `trufflehog:ignore` tag feature
* Add missing keywords for sqlserver
* Bug fixes and improvements
v3.42.0
* Exit with non-zero exit code on chunk source error
* Add Couchbase Detector
* Use url redaction in git
* added opsgenie detector
* Bug fixes and improvements
v3.41.1
* Bug fixes and improvements
v3.41.0
* Add Docker image scanning
* Bug fixes and improvements
v3.40.0
* Add DocuSign detector
v3.39.0
* No changes available
v3.38.0
* Check that git meets version requirements
v3.37.0
* Add message for discord server in readme
* Make OpenAI regex more specific
* Bug fixes and improvements
v3.36.0
* Misc improvements
v3.35.0
* added pulumi cloud Access token detector
* Add buildkitev2 detector for newer tokens
* Add Base64URLSafe decoder
v3.34.0
* add tineswebhook detector
v3.33.0
* Added a new detector for percy.io
* Bug fixes and improvements
v3.32.2
* Bug fixes and improvements
v3.32.1
* Bug fixes and improvements
v3.32.0
* Adding Google drive to MetaData proto
* Allow multiple team IDs for MS Teams
* Bug fixes and improvements
v3.31.6
* optimize gitparse handling of diffs
v3.31.5
* Use persistable cache for GCS progress tracking
* Bug fixes and improvements
v3.31.4
* Adding support for the AWS_SESSION_TOKEN
v3.31.3
* Bug fixes and improvements
v3.31.2
* revert to original entrypoint config
v3.31.1
* ensure stdout is still provided
v3.31.0
* Support for exclude globs at the `git log` level
* Add GitHub Actions output
v3.30.0
* Add resuming capability to GCS source
* Add OpenAI API Tokens detector
* Add Oauth creds to GCS
* Delete progress tracking from GCS source
v3.29.1
* Make slack webhook detector regex more specific
v3.29.0
* Remove period from file extension
* Add gcs scanning integration
v3.28.7
* Support filtering detectors by version
v3.28.6
* Misc improvements
v3.28.5
* Only scanned staged git changes
v3.28.4
* Custom regex parallel verify
v3.28.3
* Support file scanning in filesystem source
* Add ability to include and exclude detectors
v3.28.2
* Bug fixes
v3.28.1
* Bug fixes
v3.28.0
* Github filter support for exclude and include
* Correctly parse most filenames with ' and '
* Adding initial protos for Google Drive scanner
* Bug fixes and improvements
v3.27.1
* Revert "Make detectors configurable"
v3.27.0
* braintree detector: use production API URL instead of the test sandbox
* Add max commit size
* Make detectors configurable
v3.26.0
* Add openssh-client to trufflehog container
* filesystem support for exclude and include filters (2nd attemp)
* Add file to confluence proto.
* Remove false positive detection for CustomRegex
v3.25.4
* fix github integration tests
v3.25.3
* Add concurrency to CircleCi source
* Updated stdout to print results in alphabetical order for consistent output
* Add location to Teams source metadata
* Limit diff size to prevent out of control memory use.
v3.25.2
* Use access-token endpoint for validity check
* Record timestamp when a context was cancelled
* remove logger from retryable client, it is not respecting loglevels
v3.25.1
* Update entrypoint
v3.25.0
* Copy metadata for line number aware sources
* Rename and export isGitSource
Files: