Secret Detection

March 01, 2026

Scanning for Secrets in Docker Images: A Deep Dive

We analyzed 10,000 public Docker Hub images and found credentials in 14% of them.

Dylan Ayrey

February 20, 2026

The Anatomy of a GitHub Secret Leak: From Commit to Compromise

How long does it take for a leaked AWS key on GitHub to be exploited? We measured it.

Dylan Ayrey

February 12, 2026

TruffleHog v3.80: Custom Detectors and Enterprise Regex Engine

New release adds user-defined detector patterns and a 5x faster regex engine.

Truffle Security Engineering

February 04, 2026

Detecting Leaked Secrets in Terraform State Files

Terraform state files are one of the most overlooked sources of credential exposure.

Megan Masanz

January 28, 2026

NPM Package Analysis: 3,200 Packages Shipping Hardcoded Secrets

Our large-scale scan of the npm registry reveals widespread credential leakage in published packages.

Truffle Security Research

January 18, 2026

Git Archaeology: Finding Secrets Deleted Years Ago

Deleted doesn't mean gone. We explain how TruffleHog recovers secrets from git history.

Truffle Security Engineering