Tartufo

Latest version: v5.0.0


Page 5 of 8

2.7.0

Not secure
-----------------------

Features:

* [96](https://github.com/godaddy/tartufo/issues/96) - Explicitly handle
submodules. Basically, always ignore them by default. There is also a new
option to toggle this functionality: `--include-submodules`
* Add `exclude_entropy_patterns` to output

2.6.0

Not secure
---------------------

Features:

* [194](https://github.com/godaddy/tartufo/issues/194) - Half bugfix, half
feature. Now when an excluded signature in your config file is found as an
entropy match, tartufo will realize that and no longer report it as an issue.
* [5](https://github.com/godaddy/tartufo/issues/5) - Remove the dependency on
`truffleHogRegexes`. This enables us to take full control of the default set
of regex checks.

Bug fixes:

* [179](https://github.com/godaddy/tartufo/issues/179) - Iterate over commits
in topological order, instead of date order.

2.5.0

Not secure
---------------------

Features:

* [145](https://github.com/godaddy/tartufo/issues/145) - Adds
`--exclude-path-patterns` and `--include-path-patterns` to simplify config in
a single .toml file
* [87](https://github.com/godaddy/tartufo/issues/87) - Adds
`--exclude-entropy-patterns` to allow for regex-based exclusions

Bug fixes:

* Write debug log entries when binary files are encountered
* Pinned all linting tools to specific versions and set all tox envs to use poetry
* Disabled codecov due to security breach

2.4.0

Not secure
----------------------

Features:

* 76 - Added logging! You can now use the `-v`/`--verbose` option to increase
the amount of output from tartufo. Specifying multiple times will incrementally
increase what is output.
* Added a `--log-timestamps`/`--no-log-timestamps` option (default: True) so that
timestamps can be hidden in log messages. This could be helpful when, for example,
comparing the output from multiple runs.
* 107 - Added a `--compact`/`--no-compact` option for abbreviated output on found
issues, to avoid unintentionally spamming yourself. (Thanks to dclayton-godaddy
for his work on this one)

Bug fixes:

* 158 - The `--branch` option was broken and would not actually scan anything

2.3.1

Not secure
-------------------------

Bug fixes:

* Added rust toolchain to allow for building of latest cryptography

Other changes:

* Added no-fetch to code snippets and note about what it does

2.3.0

Not secure
-------------------------

Features:

* 42 - Report output on a clean or successful scan. Add a new `-q`/`--quiet` option to suppress output
* 43 - Report the list of exclusions. Add a new `-v`/`--verbose` option to print exclusions
* 159 - Switched our primary development branch from `master` to `main`
* Updated BFG refs from 1.13.0 to 1.13.2


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.