Truffle Security

Truffle Security Co. is the company behind TruffleHog, an open-source secrets scanning tool designed to identify and remediate exposed credentials before they can be exploited. The company focuses on detecting leaked encryption keys, API tokens, passwords, and other sensitive credentials across various environments including code repositories, cloud platforms, and SaaS applications. TruffleHog is available in both open-source and enterprise versions. The open-source version provides secrets scanning capabilities for developers and security teams, while TruffleHog Enterprise offers additional features for organizational deployment. The company also offers specialized products including TruffleHog Analyze and GCP Analyze for mapping access risks in cloud environments, and Forager for expanded scanning capabilities. The platform scans multiple sources for credential leaks, including public repositories on GitHub and GitLab. TruffleHog performs verification of discovered secrets to determine if they are active and exploitable, including support for JWT tokens with public-key signatures. The company maintains an active open-source community and provides documentation, integration options, and resources for credential rotation through their howtorotate.com site. Founded in 2021 by Dylan Ayrey and Dustin Decker, the company is backed by Andreessen Horowitz (a16z) and security industry veterans. Their approach emphasizes making security issues more identifiable and accessible, enabling security teams and developers to collaborate on protecting software and infrastructure from credential-based attacks.