Both of these attacks have used trufflehog. Is there an out of the box way to bl... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		darnthenuggets 20 days ago \| parent \| context \| favorite \| on: Shai-Hulud Returns: Over 300 NPM Packages Infected Both of these attacks have used trufflehog. Is there an out of the box way to block that executable by name or signature?

jamietanna 20 days ago [–]

I'd say an alternative question is "how can we stop storing secrets in source control" so then tools like Trufflehog can't find them :)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact