File Analysis with TruffleHog

by Tim Coakley

In this course, you will learn to perform file analysis of source code repositories using the tool TruffleHog, which is one of the essential steps of continuous data loss detection and prevention

What you'll learn

In this course, File Analysis with TruffleHog you will cover how to utilize TruffleHog to identify and detect sensitive data such as credentials accidentally committed to source code repository environments. You will discover how to audit your source environments including recent and historic source code commits. You will learn how to place decoy credentials in source code repositories and analyze your repositories for exposed credentials. When you are finished with this course, you will have the skills and knowledge to aid in mitigating technique T1552 using TruffleHog.

Table of contents

Course Overview

Course FAQ

What is TruffleHog?

TruffleHog is a Python based tool that is designed to search source code repositories for high entropy strings that can represent git secrets.

What will you learn in this file analysis course?

In this course, you will learn how to utilize TruffleHog to identify and detect credentials and secrets stored within source code respositores and how to audit your source code repositories to help protect your environments to reduce security risks.

Who is this cyber security course for?

This course is aimed at all security professionals, whether it be for general awareness or how to implement and use the tooling. I would also recommend this course to users traditionally outside of security teams, such as developers and product managers, as there is useful information here in the growing area of DevSecOps.

What software is needed for this course?

For this course, you will need to download TruffleHog. This tool is free to download and free to use.

What is GitHub?

GitHub is a website and cloud-based service that helps developers store and manage their code, as well as track and control changes made to their code. Two key components to GitHub are version control and Git.

About the author

Tim Coakley is a Senior Security Solutions Architect for a large multi-national organisation and an author at Pluralsight. Tim started a long and successful full-time career in Digital Forensics supporting the criminal justice system and law enforcement on a long list of criminal cases. Parallel to this Tim ran a research and development business creating solutions from design through to support resulting in some unique and niche software not developed anywhere else. Tim now works fully within t... more

Ready to upskill? Get started