Tags: python, github, pre-commit-hook, pre-commit.com

Trying to implement trufflehog in my pre-commit; however, I'm receiving an entry point error. Does anyone have an example pre-commit config file?


I am trying to use the TruffleHog credentials scanner every time I run a commit. Below are both my .pre-commit config file and the error in the terminal.

repos:
-   repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v3.2.0
    hooks:
    -   id: check-yaml
    -   id: end-of-file-fixer
    -   id: trailing-whitespace
-   repo: https://github.com/psf/black
    rev: 22.1.0
    hooks:
    - id: black
      additional_dependencies: ['click==8.0.4']
-   repo: local
    hooks:
    - id: pytest-check
      name: pytest-check
      stages: [commit]
      types: [python]
      entry: pytest
      language: system
      pass_filenames: false
      always_run: true
      repos:
- repo: local
  hooks:
    - id: trufflehog
      name: TruffleHog
      description: Detect secrets in your data.
      entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///jonas_asad --only-verified --fail'
      language: system
      stages: ["commit", "push"]

And the error is:

pre-commit install && git add . && git commit -m "test"
pre-commit installed at .git\hooks\pre-commit
[WARNING] Unexpected key(s) present on local => pytest-check: repos
Check Yaml...............................................................Passed
Fix End of Files.........................................................Passed
Trim Trailing Whitespace.................................................Passed
black................................................(no files to check)Skipped
pytest-check.............................................................Passed
TruffleHog...............................................................Failed
- hook id: trufflehog
- exit code: 1

time="2022-09-22T13:16:38Z" level=fatal msg="Failed to scan Git." error="could open repo: /jonas_asad: repository does not exist"

I can't figure this out. If you have a working configuration file, please show how yours works.

Much appreciated,


Solution

  • I had the same problem -- the issue was the Docker volume mapping. It scans something inside the container, so you have to map the git root directory to something in the container, then point the tool at that mapping:

    entry: bash -c 'docker run -v "/home/spherulitic/xerafin3:/repo" -i --rm trufflesecurity/trufflehog:latest git file:///repo'

    In this case, my local repo is at /home/spherulitic/xerafin3 on my local machine; it's mapped to /repo inside the container and then I scan the repo at /repo.
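The same fix written as a complete local hook entry, with the broken and corrected `entry` lines side by side. This is an added example, not the answerer's own file; it assumes Docker is available to the committing user and keeps the `trufflesecurity/trufflehog:latest` image and the `git file:// --only-verified --fail` arguments exactly as they appear in the question.

```yaml
# .pre-commit-config.yaml (added example; assumes Docker is installed and the
# committing user can run it). pre-commit runs hooks from the repository root,
# so $(pwd) inside the entry resolves to the repo being committed.
repos:
  - repo: local
    hooks:
      - id: trufflehog
        name: TruffleHog
        description: Detect secrets in your data.
        # Broken form from the question: the repo is mounted at /workdir, but
        # TruffleHog is told to scan /jonas_asad, a path that does not exist
        # inside the container, hence "repository does not exist".
        # entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///jonas_asad --only-verified --fail'
        #
        # Corrected form: the mount target (/repo) and the scan target
        # (file:///repo) are the same path inside the container, and $(pwd)
        # replaces the answer's hard-coded /home/spherulitic/xerafin3 so the
        # hook works on every developer's checkout.
        # --fail makes TruffleHog exit non-zero when it reports findings, which
        # is what causes pre-commit to block the commit; --only-verified limits
        # output to credentials TruffleHog could verify as live.
        entry: bash -c 'docker run -v "$(pwd):/repo" -i --rm trufflesecurity/trufflehog:latest git file:///repo --only-verified --fail'
        language: system
        # The scan targets the whole repo, so pre-commit need not pass filenames.
        pass_filenames: false
        stages: ["commit", "push"]
# Note: do not nest a second "repos:" key under a hook (as under pytest-check in
# the question); that is what produces the "Unexpected key(s) present" warning.
```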