⚙️ Engineering | Awaiting Security Review

TruffleHog Secrets Scanner

Scan your codebase for leaked credentials, API keys, and secrets using TruffleHog. Detects 800+ credential types with live verification against real APIs to confirm which leaks are active.

This skill integrates TruffleHog into your development workflow, scanning git history, the filesystem, and CI pipelines for accidentally committed secrets. It verifies found credentials against live APIs to distinguish active leaks from stale ones, and provides remediation steps for each finding.

security secrets credentials devsecops scanning

When to use

Use when you want to audit your repo for leaked secrets before a release, during security reviews, or as part of a pre-commit check. Works with git repos, Docker images, and S3 buckets.

Examples

Scan git history for secrets

Find any leaked credentials in your repo's entire commit history

Scan this repository for any leaked API keys, tokens, or credentials in the git history

Pre-release security audit

Check for secrets before pushing to production

Run a secrets scan on all staged changes before I push this release