chore: make --results hidden

.github/workflows/secrets.yml

@@ -24,4 +24,4 @@ jobs:
       uses: ./
       id: dogfood
       with:
-        extra_args: --only-verified
+        extra_args: --results=verified,unknown

README.md

@@ -117,7 +117,7 @@ This required Cosign binary to be installed prior to running installation script
 Command:
 
 ```bash
-trufflehog git https://github.com/trufflesecurity/test_keys --results=verified
+trufflehog git https://github.com/trufflesecurity/test_keys --only-verified
 ```
 
 Expected output:
@@ -141,15 +141,15 @@ Timestamp: 2022-06-16 10:17:40 -0700 PDT
 ## 2: Scan a GitHub Org for only verified secrets
 
 ```bash
-trufflehog github --org=trufflesecurity --results=verified
+trufflehog github --org=trufflesecurity --only-verified
 ```
 
 ## 3: Scan a GitHub Repo for only verified keys and get JSON output
 
 Command:
 
 ```bash
-trufflehog git https://github.com/trufflesecurity/test_keys --results=verified --json
+trufflehog git https://github.com/trufflesecurity/test_keys --only-verified --json
 ```
 
 Expected output:
@@ -168,7 +168,7 @@ trufflehog github --repo=https://github.com/trufflesecurity/test_keys --issue-co
 ## 5: Scan an S3 bucket for verified keys
 
 ```bash
-trufflehog s3 --bucket=<bucket name> --results=verified
+trufflehog s3 --bucket=<bucket name> --only-verified
 ```
 
 ## 6: Scan S3 buckets using IAM Roles
@@ -192,23 +192,23 @@ trufflehog filesystem path/to/file1.txt path/to/file2.txt path/to/dir
 ## 9: Scan GCS buckets for verified secrets.
 
 ```bash
-trufflehog gcs --project-id=<project-ID> --cloud-environment --results=verified
+trufflehog gcs --project-id=<project-ID> --cloud-environment --only-verified
 ```
 
 ## 10: Scan a Docker image for verified secrets.
 
 Use the `--image` flag multiple times to scan multiple images.
 
 ```bash
-trufflehog docker --image trufflesecurity/secrets --results=verified
+trufflehog docker --image trufflesecurity/secrets --only-verified
 ```
 
 ## 11: Scan in CI
 
 Set the `--since-commit` flag to your default branch that people merge into (ex: "main"). Set the `--branch` flag to your PR's branch name (ex: "feature-1"). Depending on the CI/CD platform you use, this value can be pulled in dynamically (ex: [CIRCLE_BRANCH in Circle CI](https://circleci.com/docs/variables/) and [TRAVIS_PULL_REQUEST_BRANCH in Travis CI](https://docs.travis-ci.com/user/environment-variables/)). If the repo is cloned and the target branch is already checked out during the CI/CD workflow, then `--branch HEAD` should be sufficient. The `--fail` flag will return an 183 error code if valid credentials are found.
 
 ```bash
-trufflehog git file://. --since-commit main --branch feature-1 --results=verified --fail
+trufflehog git file://. --since-commit main --branch feature-1 --only-verified --fail
 ```
 
 # :question: FAQ
@@ -267,9 +267,11 @@ Flags:
   -j, --json                Output in JSON format.
       --json-legacy         Use the pre-v3.0 JSON format. Only works with git, gitlab, and github sources.
       --github-actions      Output in GitHub Actions format.
-      --concurrency=8       Number of concurrent workers.
+      --concurrency=20           Number of concurrent workers.
       --no-verification     Don't verify the results.
-      --results=verified... ...  Specifies which type(s) of results to output: verified, unknown, and unverified. This flag can be repeated.
+      --only-verified       Only output verified results.
+      --allow-verification-overlap
+                                 Allow verification of similar credentials across detectors
       --filter-unverified   Only output first unverified result per chunk per detector if there are more than one results.
       --filter-entropy=FILTER-ENTROPY
                                  Filter unverified results with Shannon entropy. Start with 3.0.
@@ -279,6 +281,7 @@ Flags:
       --no-update           Don't check for updates.
       --fail                Exit with code 183 if results are found.
       --verifier=VERIFIER ...    Set custom verification endpoints.
+      --custom-verifiers-only   Only use custom verification endpoints.
       --archive-max-size=ARCHIVE-MAX-SIZE
                                  Maximum size of archive to scan. (Byte units eg. 512B, 2KB, 4MB)
       --archive-max-depth=ARCHIVE-MAX-DEPTH
@@ -363,7 +366,7 @@ jobs:
     - name: Secret Scanning
       uses: trufflesecurity/trufflehog@main
       with:
-        extra_args: --results=verified
+        extra_args: --only-verified
 ```
 
 In the example config above, we're scanning for live secrets in all PRs and Pushes to `main`. Only code changes in the referenced commits are scanned. If you'd like to scan an entire branch, please see the "Advanced Usage" section below.
@@ -391,7 +394,7 @@ If you're incorporating TruffleHog into a standalone workflow and aren't running
           fetch-depth: ${{env.depth}}
       - uses: trufflesecurity/trufflehog@main
         with:
-          extra_args: --results=verified
+          extra_args: --only-verified
 ...
 ```
 
@@ -415,7 +418,7 @@ TruffleHog statically detects [https://canarytokens.org/](https://canarytokens.o
     # Scan commits until here (usually dev branch).
     head: # optional
     # Extra args to be passed to the trufflehog cli.
-    extra_args: --debug --results=verified
+    extra_args: --debug --only-verified
 ```
 
 If you'd like to specify specific `base` and `head` refs, you can use the `base` argument (`--since-commit` flag in TruffleHog CLI) and the `head` argument (`--branch` flag in the TruffleHog CLI). We only recommend using these arguments for very specific use cases, where the default behavior does not work.
@@ -427,7 +430,7 @@ If you'd like to specify specific `base` and `head` refs, you can use the `base`
         with:
           base: ""
           head: ${{ github.ref_name }}
-          extra_args: --results=verified
+          extra_args: --only-verified
 ```
 
 ## Pre-commit Hook
@@ -448,9 +451,9 @@ repos:
       - id: trufflehog
         name: TruffleHog
         description: Detect secrets in your data.
-        entry: bash -c 'trufflehog git file://. --since-commit HEAD --results=verified --fail'
+        entry: bash -c 'trufflehog git file://. --since-commit HEAD --only-verified --fail'
         # For running trufflehog in docker, use the following entry instead:
-        # entry: bash -c 'docker run --rm -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --since-commit HEAD --results=verified --fail'
+        # entry: bash -c 'docker run --rm -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --since-commit HEAD --only-verified --fail'
         language: system
         stages: ["commit", "push"]
 ```
@@ -490,7 +493,7 @@ detectors:
 
 
 ```
-$ trufflehog filesystem /tmp --config config.yaml --results=verified
+$ trufflehog filesystem /tmp --config config.yaml --only-verified
 🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷
 
 Found verified result 🐷🔑

main.go

@@ -49,8 +49,8 @@ var (
 	gitHubActionsFormat = cli.Flag("github-actions", "Output in GitHub Actions format.").Bool()
 	concurrency         = cli.Flag("concurrency", "Number of concurrent workers.").Default(strconv.Itoa(runtime.NumCPU())).Int()
 	noVerification      = cli.Flag("no-verification", "Don't verify the results.").Bool()
-	onlyVerified        = cli.Flag("only-verified", "Only output verified results.").Hidden().Bool()
-	results             = cli.Flag("results", "Specifies which type(s) of results to output: verified, unknown, unverified. This flag can be repeated. Defaults to all types.").Default("verified,unknown").String()
+	onlyVerified        = cli.Flag("only-verified", "Only output verified results.").Bool()
+	results             = cli.Flag("results", "Specifies which type(s) of results to output: verified, unknown, unverified. This flag can be repeated. Defaults to all types.").Default("verified,unknown").Hidden().String()
 
 	allowVerificationOverlap = cli.Flag("allow-verification-overlap", "Allow verification of similar credentials across detectors").Bool()
 	filterUnverified         = cli.Flag("filter-unverified", "Only output first unverified result per chunk per detector if there are more than one results.").Bool()