Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How can I use it offline? The network environment I'm in cannot connect to the internet. #3961

Open
zblzbl1991 opened this issue Mar 6, 2025 · 3 comments

Comments

@zblzbl1991
Copy link

How can I use it offline? The network environment I'm in cannot connect to the internet.

@kashifkhan0771
Copy link
Contributor

For offline scanning, first ensure that trufflehog is installed on your system. Then execute your scan using the --no-verification flag, as the secret verification process requires an internet connection.

@zblzbl1991
Copy link
Author

For offline scanning, first ensure that trufflehog is installed on your system. Then execute your scan using the flag, as the secret verification process requires an internet connection.--no-verification

I executed it, but I’m not sure how to determine the cause of the issue in the output results. For example, the result indicates that there’s a problem on a specific line, but if I need to communicate this to the relevant developers, how should I describe the issue and how it should be fixed? Could you provide me with a related documentation or guide?

@kashifkhan0771
Copy link
Contributor

Trufflehog scans sources to detect secrets. For example, if you run it on a folder or file in your system and a secret is found, the output might look like this:

Detector Type: ElevenLabs  
Decoder Type: PLAIN  
Raw result: sk_8a0bfaked43367fake605542e2ae61c1fake313faad1fake 
File: /home/username/tokens/data.txt
Line: 4
Analyze: Run `trufflehog analyze` to analyze this key's permissions  
  • Detector Type: Identifies the service or application to which the detected secret belongs.
  • Raw result: Displays the detected secret.
  • File: Specifies the exact file where the secret was found.
  • Line: Indicates the exact line number in the file containing the secret.
  • Analyze: This indicates that an analyzer exist for this detector. Run command trufflehog analyze to further analyze this detected secret with it's analyzer.

To notify a developer, you can say:
"Line x of file y contains a leaked secret for <Detector Type>."

To fix this, the secret should either be removed from public access or, if it's in the code, replaced with an environment variable instead of being hardcoded.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

2 participants