Skip to content

Add comprehensive TruffleHog security scanning documentation #1255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Add comprehensive TruffleHog security scanning documentation #1255

wants to merge 1 commit into from

Conversation

codegen-sh[bot]
Copy link
Contributor

@codegen-sh codegen-sh bot commented Sep 16, 2025

This PR adds comprehensive documentation for TruffleHog security scanning based on the implementation in the cloud repo.

What's Added

  • New documentation page: docs/sandboxes/security-scanning.mdx
  • Updated navigation: Added the new page to docs.json

Documentation Coverage

The new documentation explains:

Core Functionality

  • How TruffleHog integrates with Codegen's workflow
  • Pre-push hooks that scan modified files
  • Security scanning during signed commits

Configuration

  • .trufflehogignore file usage and patterns
  • Scan configuration options
  • Example ignore patterns for common false positives

Troubleshooting

  • How to handle scan failures
  • Resolving false positives vs real secrets
  • When and how to bypass scans (with strong warnings)

Best Practices

  • Secret management recommendations
  • Repository security guidelines
  • Team training considerations

Technical Details

  • Installation and command-line usage
  • Integration points in the codebase
  • Specific scan parameters used

Implementation Details from Cloud Repo

Based on analysis of the cloud repository, this documentation covers:

  • Pre-push hook implementation (scripts/pre-push.sh)
  • Signed commit tool integration (create_signed_commit)
  • Sandbox installation via Dockerfile
  • Real-world .trufflehogignore examples

The documentation provides users with everything they need to understand and work with TruffleHog security scanning in their Codegen workflows.

💻 View my work • 👤 Initiated by @kopekC • 💬 Initiated in #agi-testAbout Codegen
⛔ Remove Codegen from PR🚫 Ban action checks

@codegen-sh @kopekC
Add comprehensive TruffleHog security scanning documentation
e406b04 
- Add new security-scanning.mdx page explaining TruffleHog usage
- Document pre-push hooks and signed commit scanning
- Include configuration examples and troubleshooting guide
- Add best practices for secret management
- Update docs.json navigation to include new page

Co-authored-by: Eduardo Pujol <[email protected]>
@codegen-sh codegen-sh bot requested review from codegen-team and a team as code owners September 16, 2025 16:40
@codecov Codecov
Copy link

codecov bot commented Sep 16, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codegen-team codegen-team Awaiting requested review from codegen-team codegen-team is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@kopekC kopekC

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@kopekC