This project provides a set of scanners that will use regular expressions to try and detect the presence of sensitive information such as API keys, passwords, and personal information. It includes a set of regular expressions by default, but will also accept a JSON object containing your custom regular expressions.
Rusty Hog is built in Rust for performance, and based on TruffleHog which is written in Python. It provides the following binaries:
- Ankamali Hog: Scan for secrets in a Google Doc
- Berkshire Hog: Scan for secrets in an S3 bucket (either by CLI, or Lambda function)
- Choctaw Hog: Scan for secrets in a Git repository
Download and unzip the latest ZIP on the releases tab, then you can run each binary with
-h to see the usage.
wget https://github.com/newrelic/rusty-hog/releases/download/v1.0.1/rustyhogs-1.0.1.zip unzip rustyhogs-1.0.1.zip cd darwin_releases ./choctaw_hog -h
New Relic has open-sourced this project. This project is provided AS-IS WITHOUT WARRANTY OR SUPPORT, although you can report issues and contribute to the project on GitHub.
Please do not report issues with this software to New Relic Global Technical Support.
New Relic hosts and moderates an online forum where customers can interact with New Relic employees as well as other customers to get help and share best practices. Like all official New Relic open source projects, there’s a related Community topic in the New Relic Explorer’s Hub. This post is the Rusty Hogs project topic.