@@ -12,7 +12,7 @@ current_dir := $(dir $(mkfile_path))
1212# Global stuff.
1313
1414GO =$(shell which go)
15- HOMEBREW_PACKAGES =bash bats-core coreutils findutils go jq nodejs pre-commit python@3.11 tfschema
15+ HOMEBREW_PACKAGES =bash bats-core coreutils findutils go jq nodejs pre-commit python@3.11 tfschema trufflesecurity/trufflehog/trufflehog
1616
1717# Determine the operating system and CPU arch.
1818OS =$(shell uname -o | tr '[:upper:]' '[:lower:]')
@@ -63,6 +63,7 @@ install-tools-go:
6363 $(GO ) install github.com/google/osv-scanner/cmd/osv-scanner@v1
6464 $(GO ) install github.com/goph/licensei/cmd/licensei@latest
6565 $(GO ) install github.com/pelletier/go-toml/v2/cmd/tomljson@latest
66+ $(GO ) install github.com/trufflesecurity/driftwood@latest
6667 $(GO ) install golang.org/x/perf/cmd/benchstat@latest
6768 $(GO ) install golang.org/x/tools/cmd/godoc@latest
6869 $(GO ) install golang.org/x/vuln/cmd/govulncheck@latest
@@ -194,7 +195,7 @@ docs-serve:
194195# Linting
195196
196197.PHONY : vuln
197- # # vuln: [lint]* Runs `govulncheck` (vulnerability scanning) .
198+ # # vuln: [lint]* Checks for known security vulnerabilities .
198199vuln :
199200 @ $(ECHO ) " "
200201 @ $(ECHO ) " \033[1;33m=====> Running govulncheck (https://go.dev/blog/vuln)...\033[0m"
@@ -208,6 +209,13 @@ vuln:
208209 @ $(ECHO) "\033[1;33m=====> Running osv-scanner (https://osv.dev)...\033[0m"
209210 osv-scanner -r .
210211
212+ .PHONY : secrets
213+ # # secrets: [lint]* Checks for verifiable secrets.
214+ secrets :
215+ @ $(ECHO ) " "
216+ @ $(ECHO ) " \033[1;33m=====> Running TruffleHog...\033[0m"
217+ trufflehog git file://. --json --only-verified --concurrency=$(nproc ) 2> /dev/null | jq ' .'
218+
211219.PHONY : pre-commit
212220# # pre-commit: [lint]* Runs `pre-commit` against all files.
213221pre-commit :
0 commit comments