When you log into TruffleHog, you will see "Sources" on the left. This is where you can initially set up what sources you would like to be scanned, view when the scan was last completed for a particular source, the status of the scan, as well as edit any configuration information.
https://downloads.intercomcdn.com/i/o/472555936/c5c59bed9d135c67b1a5418a/image.png"/>From the Sources page, you are also able to add and configure new sources to be scanned. To do this, click on the "+" in the upper right.
https://downloads.intercomcdn.com/i/o/472556656/eaeaaaad6b84b5f301f745d5/image.png"/>Then, choose the specific source that you would like scanned by clicking "+Add".
https://downloads.intercomcdn.com/i/o/472557906/3458aad44464c5b84e6f84cb/image.png"/>Each source will ask you for additional information in order to complete the information. Please see the linked documentation for specific source requirements.
For example, to start scanning your GitLab repository commit history, you will enter the following information:
Name
Which agents should scan this source?
Duration Between Scans
Username
API Key
https://downloads.intercomcdn.com/i/o/472558801/c38e2cab8b5871b868c3b955/image.png"/>Once you have entered information into the required fields, click submit and your scan will begin!
Please note: Agents run the scans. They can be hosted in your infrastructure or Truffle Security's. If you want to scan using the TruffleHog cloud, select Hosted. If you would like to run the agents yourself, check out this documentation about how to set up TruffleHog on-prem.
TruffleHog supports many different sources. To find specific information about the source that you would like to setup, please select the article below:
GitHub
GitLab
Slack
S3
S3 Unauthenticated
BitBucket
Jira
Confluence
Public Git Repos
Buildkite
Gerrit
Git
Jenkins
JFrog Artifactory
If you have any questions about setting up your sources, please reach out to us at: support@trufflesec.com.