# Install trufflehog with Homebrew, chocolatey, MacPorts, Nix, scoop, zypper

Find and verify credentials. Version 3.95.8 via Homebrew; verified 2026-07-03.

## Install

```sh
sudo av install brew:trufflehog
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install trufflehog
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install trufflehog
```

  Evidence: MacPorts ports tree: security/trufflehog/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#trufflehog
```

  Evidence: nixpkgs package indexes: pkgs/by-name/tr/trufflehog/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- zypper (92%):

```sh
sudo zypper install trufflehog
```

  Evidence: openSUSE Tumbleweed package metadata: trufflehog from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

### Windows

- Chocolatey (92%):

```sh
choco install trufflehog
```

  Evidence: Chocolatey community package catalog: trufflehog from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','timberwinr'

- Scoop (92%):

```sh
scoop install main/trufflehog
```

  Evidence: Scoop official bucket manifest trees: bucket/trufflehog.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:trufflehog
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/trufflehog>
- **Version:** 3.95.8
- **Source summary:** Find and verify credentials
- **Homepage:** <https://trufflesecurity.com/>
- **Repository:** <https://github.com/trufflesecurity/trufflehog>
- **Upstream docs:** <https://github.com/trufflesecurity/trufflehog#readme>
- **License:** AGPL-3.0-only
- **Source archive:** <https://github.com/trufflesecurity/trufflehog/archive/refs/tags/v3.95.8.tar.gz>
- **Last updated:** 2026-07-03T00:12:26Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- trufflehog (cli)
- trufflehog (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.95.8
- Package-manager updated: 2026-07-03
- Local data: ok
- Upstream repository: https://github.com/trufflesecurity/trufflehog
- Upstream latest detected: v3.95.8 (current)
## Project history and usage

TruffleHog is an open-source secrets scanner for finding, classifying, verifying, and analyzing leaked credentials across Git repositories and many other sources.

### Project history

The original TruffleHog was written to detect API keys, passwords, and secrets committed to Git. In April 2022, Truffle Security introduced TruffleHog v3 as a major rewrite focused on speed, broader detector coverage, and automatic validation for supported secrets.

The v3 announcement positioned verification as the central change: instead of only matching strings, the scanner can call provider APIs to determine whether a discovered secret is live. The project also moved toward a larger open detector ecosystem, with hundreds of supported key types and contribution paths for new detectors.

The current README describes TruffleHog as a discovery, classification, validation, and analysis tool that scans Git, chats, wikis, logs, API-testing platforms, object stores, filesystems, and more. It also documents enterprise monitoring as a commercial layer while keeping the core scanner open source.

### Adoption history

TruffleHog spread because secret leakage is a concrete, recurring operational problem: a key committed once may remain in Git history even after later commits remove it. Truffle Security's GitHub Actions guide shows the tool used in CI to scan pull requests and pushes before leaks move farther into deployment pipelines.

The tool's package-manager footprint is broad: Homebrew, Docker images, binary releases, install scripts, and distro packages all make it easy to drop into local audits, CI jobs, pre-commit workflows, and incident response scripts.

### How it is used

Common CLI usage includes scanning a remote Git repository, a GitHub organization, a local Git repository, S3 or GCS buckets, Docker images, filesystems, Jira, Slack, and other collaboration surfaces. Security teams often run it with verified-only results to prioritize active credentials.

For package nerds, TruffleHog is a canonical 'install this before you publish or rotate credentials' tool: it is easy to add to a shell, CI workflow, or one-off audit and it returns structured JSON when automation needs to consume findings.

### Why package nerds care

TruffleHog matters because it turned secrets scanning into a normal CLI/package-manager concern. The same binary can be used interactively with Homebrew, containerized through Docker, or pinned in CI, which fits how security tooling actually lands in developer environments.

Its distinction from simple grep-like scanners is verification. Package users care because reducing false positives changes the economics of adopting a scanner in every repository.

### Timeline

- Circa 2017: The original TruffleHog is written to find secrets committed to Git, based on the 2022 v3 announcement's five-year lookback.
- 2022-04-04: Truffle Security introduces TruffleHog v3.
- 2023-05-18: Truffle Security documents the TruffleHog GitHub Action for pull request and push scanning.
- 2024-02-21: Truffle Security publishes a detailed explanation of TruffleHog secret verification.

### Related projects

- Gitleaks is mentioned by the v3 announcement as inspiration for some Git improvements.
- GitHub Actions is a common integration surface for running TruffleHog on pull requests and pushes.
- Driftwood is referenced by Truffle Security as a related technique for private encryption key checks.

### Sources

- <https://github.com/trufflesecurity/trufflehog>
- <https://trufflesecurity.com/blog/how-trufflehog-verifies-secrets>
- <https://trufflesecurity.com/blog/introducing-trufflehog-v3>
- <https://trufflesecurity.com/blog/running-trufflehog-in-a-github-action>


## Security Notes

No matching local secret-handling manifest was found for trufflehog. Nucleus package metadata is still published here so future coverage has a stable package URL.


## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** trufflehog
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - trufflehog: normalized package name match | nixpkgs package indexes: pkgs/by-name/tr/trufflehog/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- zypper - trufflehog - 3.95.4-1.1: normalized package name match | openSUSE Tumbleweed package metadata: trufflehog from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | CLI tool to find exposed secrets in source and archives | https://github.com/trufflesecurity/trufflehog
- MacPorts - trufflehog: normalized package name match | MacPorts ports tree: security/trufflehog/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Chocolatey - trufflehog: normalized package name match | Chocolatey community package catalog: trufflehog from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','timberwinr'
- Scoop - main/trufflehog: normalized package name match | Scoop official bucket manifest trees: bucket/trufflehog.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [ggshield](https://www.automicvault.com/pkg/brew/ggshield/) - Shares av.db curated category or tags: cli, secrets-scanning, security.
- [noseyparker](https://www.automicvault.com/pkg/brew/noseyparker/) - Shares av.db curated category or tags: cli, secrets-scanning, security.
- [git-credential-libsecret](https://www.automicvault.com/pkg/brew/git-credential-libsecret/) - Shares av.db curated category or tags: cli, credentials, git, security.
- [git-credential-oauth](https://www.automicvault.com/pkg/brew/git-credential-oauth/) - Shares av.db curated category or tags: cli, credentials, git, security.
- [git-crypt](https://www.automicvault.com/pkg/brew/git-crypt/) - Shares av.db curated category or tags: cli, git, security.
- [git-hound](https://www.automicvault.com/pkg/brew/git-hound/) - Shares av.db curated category or tags: cli, git, security.
- [git-remote-gcrypt](https://www.automicvault.com/pkg/brew/git-remote-gcrypt/) - Shares av.db curated category or tags: cli, git, security.
- [git-secrets](https://www.automicvault.com/pkg/brew/git-secrets/) - Shares av.db curated category or tags: cli, git, security.
- [talisman](https://www.automicvault.com/pkg/brew/talisman/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, git, scanning, secrets, secrets-scanning.
- [two-ms](https://www.automicvault.com/pkg/brew/two-ms/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, git, scanning, secrets, secrets-scanning.

## Combined YAML source

View the package source record on GitHub. [combined/trufflehog.yml](https://github.com/automic-vault/db/blob/main/combined/trufflehog.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
