You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would have expected trufflehog github --org cameronlonsdale to scan all my public and private repositories / gists IF I provide a GItHub API token with the appropriate scopes. However it seems like only public repositories were scanned.
The API token I'm using has the following scopes gist, read:org, read:user, repo
Actual Behavior
Only public repositories were scanned (and no private repositories)
Steps to Reproduce
Create an appropriately scoped GitHub Token and then scan your own user with trufflehog github --org <my-username> and evaluate the output to see how many repositories were scanned, e.g. Completed enumeration {"source_manager_worker_id": "qtPLB", "num_repos": 32, "num_orgs": 1, "num_members": 0}. Compare this with the number of repositories that belong to your user (ignoring forks)
Environment
OS: MacOS
Version 14.6
The text was updated successfully, but these errors were encountered:
Interesting enough, if I run with --org it does properly scan my private repo, and finds my testing creds properly, but when I swap that with --repo (same exact token) I get:
2024-10-09T10:08:42Z error trufflehog error running scan {"error": "engine failed to finish execution: fatal: no repoInfo for URL: https://github.com/<private_org>/<private_repo>.git"}
I'm using the docker image like docker run -e GITHUB_TOKEN ghcr.io/trufflesecurity/trufflehog github --repo=https://github.com/<private_org>/<private_repo>.git --no-verification --issue-comments --pr-comments --fail
This is an M3 mac running 15.0.1. The container is running trufflehog 3.82.7
Please review the Community Note before submitting
TruffleHog Version
trufflehog 3.82.6
Trace Output
Can be provided if necessary
Expected Behavior
I would have expected
trufflehog github --org cameronlonsdale
to scan all my public and private repositories / gists IF I provide a GItHub API token with the appropriate scopes. However it seems like only public repositories were scanned.The API token I'm using has the following scopes
gist, read:org, read:user, repo
Actual Behavior
Only public repositories were scanned (and no private repositories)
Steps to Reproduce
Create an appropriately scoped GitHub Token and then scan your own user with
trufflehog github --org <my-username>
and evaluate the output to see how many repositories were scanned, e.g.Completed enumeration {"source_manager_worker_id": "qtPLB", "num_repos": 32, "num_orgs": 1, "num_members": 0}
. Compare this with the number of repositories that belong to your user (ignoring forks)Environment
The text was updated successfully, but these errors were encountered: