-2

I am trying to use the TruffleHog credentials scanner every time I run a commit. Below is both my .pre-commit config file and the error in the terminal.

repos:
-   repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v3.2.0
    hooks:
    -   id: check-yaml
    -   id: end-of-file-fixer
    -   id: trailing-whitespace
-   repo: https://github.com/psf/black
    rev: 22.1.0
    hooks:
    - id: black
      additional_dependencies: ['click==8.0.4']
-   repo: local
    hooks:
    - id: pytest-check
      name: pytest-check
      stages: [commit]
      types: [python]
      entry: pytest
      language: system
      pass_filenames: false
      always_run: true
      repos:
- repo: local
  hooks:
    - id: trufflehog
      name: TruffleHog
      description: Detect secrets in your data.
      entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///jonas_asad --only-verified --fail'
      language: system
      stages: ["commit", "push"]

And the error is:

 pre-commit install && git add . && git commit -m "test"
pre-commit installed at .git\hooks\pre-commit
[WARNING] Unexpected key(s) present on local => pytest-check: repos
Check Yaml...............................................................Passed
Fix End of Files.........................................................Passed
Trim Trailing Whitespace.................................................Passed
black................................................(no files to check)Skipped
pytest-check.............................................................Passed
TruffleHog...............................................................Failed
- hook id: trufflehog
- exit code: 1

time="2022-09-22T13:16:38Z" level=fatal msg="Failed to scan Git." error="could open repo: /jonas_asad: repository does not exist"

I can't figure this out. If you have a working configuration file, please show how yours works.

Be much appreciated,

  • if you run this outside of pre-commit what happens? (I don't think this is a pre-commit issue): `docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///jonas_asad --only-verified --fail` – anthony sottile Sep 22 '22 at 13:33
  • jonas_asad: repository does not exist" – JnooriRS Sep 22 '22 at 14:41
  • It's not recognising the repo in which the files are placed. I am not sure how to code this really - what should the path be? – JnooriRS Sep 22 '22 at 14:42
  • ok then it has nothing to do with pre-commit -- I'd recommend editing down your question to just that and removing the python and pre-commit related tags – anthony sottile Sep 22 '22 at 15:11

2 Answers

1

I had the same problem -- the issue was the Docker volume mapping. It scans something inside the container, so you have to map the git root directory to something in the container, then point the tool at that mapping:

entry: bash -c 'docker run -v "/home/spherulitic/xerafin3:/repo" -i --rm trufflesecurity/trufflehog:latest git file:///repo'

In this case, my local repo is at /home/spherulitic/xerafin3 on my local machine; it's mapped to /repo inside the container and then I scan the repo at /repo.

Julia Meshcheryakova
Chris Lipe
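The failure in the question comes from a mismatch between the two paths in the hook entry: the repo is mounted at /workdir inside the container, but TruffleHog is told to open file:///jonas_asad, which does not exist there. The following POSIX shell snippet is an added example (not code from the question, the answers, or the TruffleHog project): it builds an entry in the shape the answer above describes, with the host repo mounted at a container path and `git file://` pointing at that same path, and it includes a small check that extracts both paths from an existing entry and reports whether they agree. The function names, and the host path `/home/me/repo` used in the usage line, are assumptions made for the example.

```shell
#!/usr/bin/env sh
# Added example, not from the original page. Builds and sanity-checks the
# docker-based TruffleHog hook entry so the mount point and the scan target
# agree (the question's entry mounted /workdir but scanned /jonas_asad).

# Build the command for a hook entry.
#   $1 = host path of the git repo root, $2 = mount point inside the container.
trufflehog_entry() {
    host="$1"
    mnt="$2"
    # The scan target must be the container-side path, hence file://$mnt.
    printf '%s' "docker run -v \"$host:$mnt\" -i --rm trufflesecurity/trufflehog:latest git file://$mnt --only-verified --fail"
}

# Print the container side of the first -v "host:container" mapping.
mount_target() {
    printf '%s\n' "$1" | sed -n 's|.*-v "[^:]*:\([^"]*\)".*|\1|p'
}

# Print the path TruffleHog is told to open after "git file://".
scan_target() {
    printf '%s\n' "$1" | sed -n 's|.*git file://\([^ ]*\).*|\1|p'
}

# Return 0 when the scan target is the mount point or lies under it,
# 1 when either path is missing or they do not match.
check_entry() {
    m=$(mount_target "$1")
    s=$(scan_target "$1")
    [ -n "$m" ] && [ -n "$s" ] || return 1
    case "$s" in
        "$m"|"$m"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage (hypothetical host path): print a consistent entry and verify it.
entry=$(trufflehog_entry /home/me/repo /repo)
printf '%s\n' "$entry"
if check_entry "$entry"; then
    echo "mount point and scan target agree"
else
    echo "mismatch: mounted at '$(mount_target "$entry")', scanning '$(scan_target "$entry")'" >&2
fi
```

Mounting `$(pwd)` instead of a fixed host path works as well, as long as the hook runs from the repository root and the `file://` target is the same container path given on the right-hand side of `-v`. Running `check_entry` on the question's original command line reports the /workdir vs /jonas_asad mismatch.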
-3

I found that this worked

- repo: local
  hooks:
    - id: semgrep
      name: Semgrep Docker
      description: Detect secrets in your data.
      entry: bash -c 'docker run -v "$(pwd):/src" -i --rm returntocorp/semgrep semgrep scan --json . --config=auto --output=semgrep_results.json'
      language: system
      stages: ["commit", "push"]
JnooriRS