TruffleHog
trufflesecurity.com
Uncovers exposed non-human identities and secrets, making remediation easier.
Security
secrets-detection, credential-scanning, open-source, devsecops, api-key-leaks, non-human-identities, github-scanning

About
TruffleHog is an open-source and enterprise secrets detection tool that scans source code, version history, chat systems, and cloud services for leaked API keys, passwords, and credentials. It classifies over 800 secret types, validates whether they are still active, and provides detailed analysis of exposed identities. An enterprise tier adds continuous monitoring, dashboards, integrations, and role-based access control for security teams.
Problem
Millions of API keys, passwords, and tokens leak from source code, chat systems, and other tools, creating active security vulnerabilities that are hard to detect and remediate.
For
Developers and security teams managing credential and secrets exposure risks
How it works
TruffleHog scans repositories, version histories, and integrated platforms to discover, classify, and validate leaked secrets, then surfaces findings through a dashboard or CLI for remediation.
Business model
freemium
Status
launched
Company
Truffle Security Co.