Detect Jfrog Artifactory tokens #3011
Labels
Comments
arjunharidasp
changed the title
|
This bug is still outstanding |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please review the Community Note before submitting
Description
In Trufflehog detectors, we see artifactory is mentioned.
However when tested with Jfrog artifactory token, its not getting detected as a secret.
Jfrog artifactory patterns
curl -username: -T <PATH_TO_FILE> "artifactory url/artifactname/<TARGET_FILE_PATH>"
curl -uusername: -L -O "artifactory url/artifactname/<TARGET_FILE_PATH>"
wget --header='X-JFrog-Art-Api: token' "artifactory url/artifactname/<TARGET_FILE_PATH>"
curl -v -H "X-JFrog-Art-Api: token"-T <PATH_TO_FILE> "artifactory url/artifactname/<TARGET_FILE_PATH>"
curl -H "X-JFrog-Art-Api:apitoken" -O " "artifactory url/artifactname/<TARGET_FILE_PATH>"
Examples
text: |
export ARTIFACTORY_URL=http://localhost:8081/artifactory
export ARTIFACTORY_TOKEN=AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM
apikey: AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM
Preferred Solution
Jfrog artifactory api keys or tokens are detected as secrets
The text was updated successfully, but these errors were encountered: