diff --git a/pkg/detectors/gitlab/v1/gitlab_integration_test.go b/pkg/detectors/gitlab/v1/gitlab_integration_test.go index 8c71aee805bb..922889842d9e 100644 --- a/pkg/detectors/gitlab/v1/gitlab_integration_test.go +++ b/pkg/detectors/gitlab/v1/gitlab_integration_test.go @@ -297,6 +297,100 @@ func TestGitlab_FromChunk_WithV2Secrets(t *testing.T) { } } +// This test ensures gitlab v1 detector does not work on gitlab v3 secrets +func TestGitlab_FromChunk_WithV3Secrets(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), time.Second*5) + defer cancel() + testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors6") + if err != nil { + t.Fatalf("could not get test secrets from GCP: %s", err) + } + secret := testSecrets.MustGetField("GITLABV3") + secretInactive := testSecrets.MustGetField("GITLABV3_INACTIVE") + type args struct { + ctx context.Context + data []byte + verify bool + } + tests := []struct { + name string + s Scanner + args args + want []detectors.Result + wantErr bool + wantVerificationErr bool + }{ + { + name: "verified v3 secret, not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("You can find a gitlab super secret %s within", secret)), + verify: true, + }, + want: nil, + wantErr: false, + }, + { + name: "verified v3 secret, not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("gitlab %s", secret)), + verify: true, + }, + want: nil, + wantErr: false, + }, + { + name: "unverified v3 secret, not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("You can find a gitlab secret %s within", secretInactive)), + verify: true, + }, + want: nil, + wantErr: false, + }, + { + name: "not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte("You cannot find the secret within"), + verify: true, + }, + want: nil, + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + tt.s.SetCloudEndpoint("https://gitlab.com") + tt.s.UseCloudEndpoint(true) + got, err := tt.s.FromData(tt.args.ctx, tt.args.verify, tt.args.data) + if (err != nil) != tt.wantErr { + t.Errorf("Gitlab.FromData() error = %v, wantErr %v", err, tt.wantErr) + return + } + for i := range got { + if len(got[i].Raw) == 0 { + t.Fatal("no raw secret present") + } + if (got[i].VerificationError() != nil) != tt.wantVerificationErr { + t.Fatalf(" wantVerificationError = %v, verification error = %v,", tt.wantVerificationErr, got[i].VerificationError()) + } + got[i].AnalysisInfo = nil + } + opts := cmpopts.IgnoreFields(detectors.Result{}, "Raw", "RawV2", "verificationError", "primarySecret") + if diff := cmp.Diff(got, tt.want, opts); diff != "" { + t.Errorf("Gitlab.FromData() %s diff: (-got +want)\n%s", tt.name, diff) + } + }) + } +} + func BenchmarkV2FromData(benchmark *testing.B) { ctx := context.Background() s := Scanner{} diff --git a/pkg/detectors/gitlab/v2/gitlab_integration_test.go b/pkg/detectors/gitlab/v2/gitlab_integration_test.go index 88e86040b6ee..3d10eb860b14 100644 --- a/pkg/detectors/gitlab/v2/gitlab_integration_test.go +++ b/pkg/detectors/gitlab/v2/gitlab_integration_test.go @@ -111,6 +111,100 @@ func TestGitlabV2_FromChunk_WithV1Secrets(t *testing.T) { } } +// This test ensures gitlab v2 detector does not work on gitlab v3 secrets +func TestGitlabV2_FromChunk_WithV3Secrets(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), time.Second*5) + defer cancel() + testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors6") + if err != nil { + t.Fatalf("could not get test secrets from GCP: %s", err) + } + secret := testSecrets.MustGetField("GITLABV3") + secretInactive := testSecrets.MustGetField("GITLABV3_INACTIVE") + type args struct { + ctx context.Context + data []byte + verify bool + } + tests := []struct { + name string + s Scanner + args args + want []detectors.Result + wantErr bool + wantVerificationErr bool + }{ + { + name: "verified v3 secret, not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("You can find a gitlab super secret %s within", secret)), + verify: true, + }, + want: nil, + wantErr: false, + }, + { + name: "verified v3 secret, not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("gitlab %s", secret)), + verify: true, + }, + want: nil, + wantErr: false, + }, + { + name: "unverified v3 secret, not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("You can find a gitlab secret %s within", secretInactive)), + verify: true, + }, + want: nil, + wantErr: false, + }, + { + name: "not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte("You cannot find the secret within"), + verify: true, + }, + want: nil, + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + tt.s.SetCloudEndpoint("https://gitlab.com") + tt.s.UseCloudEndpoint(true) + got, err := tt.s.FromData(tt.args.ctx, tt.args.verify, tt.args.data) + if (err != nil) != tt.wantErr { + t.Errorf("Gitlab.FromData() error = %v, wantErr %v", err, tt.wantErr) + return + } + for i := range got { + if len(got[i].Raw) == 0 { + t.Fatal("no raw secret present") + } + if (got[i].VerificationError() != nil) != tt.wantVerificationErr { + t.Fatalf(" wantVerificationError = %v, verification error = %v,", tt.wantVerificationErr, got[i].VerificationError()) + } + got[i].AnalysisInfo = nil + } + opts := cmpopts.IgnoreFields(detectors.Result{}, "Raw", "RawV2", "verificationError", "primarySecret") + if diff := cmp.Diff(got, tt.want, opts); diff != "" { + t.Errorf("Gitlab.FromData() %s diff: (-got +want)\n%s", tt.name, diff) + } + }) + } +} + func BenchmarkFromData(benchmark *testing.B) { ctx := context.Background() s := Scanner{} diff --git a/pkg/detectors/gitlab/v3/gitlab_v3.go b/pkg/detectors/gitlab/v3/gitlab_v3.go new file mode 100644 index 000000000000..8ab45da66b30 --- /dev/null +++ b/pkg/detectors/gitlab/v3/gitlab_v3.go @@ -0,0 +1,102 @@ +package gitlab + +import ( + "context" + "fmt" + "maps" + "net/http" + "strings" + + regexp "github.com/wasilibs/go-re2" + + "github.com/trufflesecurity/trufflehog/v3/pkg/common" + "github.com/trufflesecurity/trufflehog/v3/pkg/detectors" + v1 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/gitlab/v1" + "github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb" +) + +type Scanner struct { + client *http.Client + detectors.EndpointSetter +} + +// Ensure the Scanner satisfies the interfaces at compile time. +var _ detectors.Detector = (*Scanner)(nil) +var _ detectors.EndpointCustomizer = (*Scanner)(nil) +var _ detectors.Versioner = (*Scanner)(nil) + +func (Scanner) Version() int { return 3 } +func (Scanner) CloudEndpoint() string { return "https://gitlab.com" } + +var ( + defaultClient = common.SaneHttpClient() + // pattern taken from gitlab's PR for the format change: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/169322 + keyPat = regexp.MustCompile(`\b(glpat-[a-zA-Z0-9\-=_]{27,300}.[0-9a-z]{2}.[a-z0-9]{9})\b`) +) + +func (s Scanner) getClient() *http.Client { + if s.client != nil { + return s.client + } + + return defaultClient +} + +// Keywords are used for efficiently pre-filtering chunks. +// Use identifiers in the secret preferably, or the provider name. +func (s Scanner) Keywords() []string { return []string{"glpat-"} } + +func (s Scanner) Type() detectorspb.DetectorType { + return detectorspb.DetectorType_Gitlab +} + +func (s Scanner) Description() string { + return "GitLab is a web-based DevOps lifecycle tool that provides a Git repository manager providing wiki, issue-tracking, and CI/CD pipeline features. GitLab Personal Access Tokens (PATs) can be used to authenticate and access GitLab resources." +} + +// FromData will find and optionally verify Gitlab secrets in a given set of bytes. +func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) { + dataStr := string(data) + + matches := keyPat.FindAllStringSubmatch(dataStr, -1) + for _, match := range matches { + resMatch := strings.TrimSpace(match[1]) + + for _, endpoint := range s.Endpoints() { + s1 := detectors.Result{ + DetectorType: detectorspb.DetectorType_Gitlab, + Raw: []byte(resMatch), + RawV2: []byte(resMatch + endpoint), + ExtraData: map[string]string{ + "rotation_guide": "https://howtorotate.com/docs/tutorials/gitlab/", + "version": fmt.Sprintf("%d", s.Version()), + }, + } + + if verify { + + isVerified, extraData, verificationErr := v1.VerifyGitlab(ctx, s.getClient(), endpoint, resMatch) + s1.Verified = isVerified + maps.Copy(s1.ExtraData, extraData) + + s1.SetVerificationError(verificationErr) + + // for verified keys set the analysis info + if s1.Verified { + s1.AnalysisInfo = map[string]string{ + "key": resMatch, + "host": endpoint, + } + + // if secret is verified with one endpoint, break the loop to continue to next secret + results = append(results, s1) + break + } + } + + results = append(results, s1) + } + } + + return results, nil +} diff --git a/pkg/detectors/gitlab/v3/gitlab_v3_integration_test.go b/pkg/detectors/gitlab/v3/gitlab_v3_integration_test.go new file mode 100644 index 000000000000..8eea3d543ab6 --- /dev/null +++ b/pkg/detectors/gitlab/v3/gitlab_v3_integration_test.go @@ -0,0 +1,373 @@ +//go:build detectors +// +build detectors + +package gitlab + +import ( + "context" + "fmt" + "testing" + "time" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + + "github.com/trufflesecurity/trufflehog/v3/pkg/common" + "github.com/trufflesecurity/trufflehog/v3/pkg/detectors" + "github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb" +) + +func TestGitlabV3_FromChunk(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), time.Second*5) + defer cancel() + testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors6") + if err != nil { + t.Fatalf("could not get test secrets from GCP: %s", err) + } + secret := testSecrets.MustGetField("GITLABV3") + secretInactive := testSecrets.MustGetField("GITLABV3_INACTIVE") + + type args struct { + ctx context.Context + data []byte + verify bool + } + tests := []struct { + name string + s Scanner + args args + want []detectors.Result + wantErr bool + wantVerificationErr bool + }{ + { + name: "found, verified", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("You can find a gitlab secret %s within", secret)), + verify: true, + }, + want: []detectors.Result{ + { + DetectorType: detectorspb.DetectorType_Gitlab, + Verified: true, + ExtraData: map[string]string{ + "rotation_guide": "https://howtorotate.com/docs/tutorials/gitlab/", + "version": "3", + }, + }, + }, + wantErr: false, + }, + { + name: "found unverified", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("You can find a gitlab secret %s within", secretInactive)), + verify: true, + }, + want: []detectors.Result{ + { + DetectorType: detectorspb.DetectorType_Gitlab, + Verified: false, + ExtraData: map[string]string{ + "rotation_guide": "https://howtorotate.com/docs/tutorials/gitlab/", + "version": "3", + }, + }, + }, + wantErr: false, + }, + { + name: "found, would be verified but for timeout", + s: Scanner{client: common.SaneHttpClientTimeOut(1 * time.Microsecond)}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("You can find a gitlab super secret %s within", secret)), + verify: true, + }, + want: []detectors.Result{ + { + DetectorType: detectorspb.DetectorType_Gitlab, + Verified: false, + ExtraData: map[string]string{ + "rotation_guide": "https://howtorotate.com/docs/tutorials/gitlab/", + "version": "3", + }, + }, + }, + wantErr: false, + wantVerificationErr: true, + }, + { + name: "found and valid but unexpected api response", + s: Scanner{client: common.ConstantResponseHttpClient(500, "")}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("You can find a gitlab super secret %s within", secret)), + verify: true, + }, + want: []detectors.Result{ + { + DetectorType: detectorspb.DetectorType_Gitlab, + Verified: false, + ExtraData: map[string]string{ + "rotation_guide": "https://howtorotate.com/docs/tutorials/gitlab/", + "version": "3", + }, + }, + }, + wantErr: false, + wantVerificationErr: true, + }, + { + name: "found, good key but wrong scope", + s: Scanner{client: common.ConstantResponseHttpClient(403, "")}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("You can find a gitlab super secret %s within", secret)), + verify: true, + }, + want: []detectors.Result{ + { + DetectorType: detectorspb.DetectorType_Gitlab, + Verified: true, + ExtraData: map[string]string{ + "rotation_guide": "https://howtorotate.com/docs/tutorials/gitlab/", + "version": "3", + }, + }, + }, + wantErr: false, + }, + { + name: "not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte("You cannot find the secret within"), + verify: true, + }, + want: nil, + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + tt.s.UseCloudEndpoint(true) + tt.s.SetCloudEndpoint(tt.s.CloudEndpoint()) + got, err := tt.s.FromData(tt.args.ctx, tt.args.verify, tt.args.data) + if (err != nil) != tt.wantErr { + t.Errorf("Gitlab.FromData() error = %v, wantErr %v", err, tt.wantErr) + return + } + for i := range got { + if len(got[i].Raw) == 0 { + t.Fatal("no raw secret present") + } + if (got[i].VerificationError() != nil) != tt.wantVerificationErr { + t.Fatalf(" wantVerificationError = %v, verification error = %v,", tt.wantVerificationErr, got[i].VerificationError()) + } + got[i].AnalysisInfo = nil + } + opts := cmpopts.IgnoreFields(detectors.Result{}, "Raw", "RawV2", "verificationError", "primarySecret") + if diff := cmp.Diff(got, tt.want, opts); diff != "" { + t.Errorf("Gitlab.FromData() %s diff: (-got +want)\n%s", tt.name, diff) + } + }) + } +} + +func BenchmarkFromData(benchmark *testing.B) { + ctx := context.Background() + s := Scanner{} + for name, data := range detectors.MustGetBenchmarkData() { + benchmark.Run(name, func(b *testing.B) { + b.ResetTimer() + for n := 0; n < b.N; n++ { + _, err := s.FromData(ctx, false, data) + if err != nil { + b.Fatal(err) + } + } + }) + } +} + +// This test ensures gitlab v3 detector does not work on gitlab v1 secrets +func TestGitlabV3_FromChunk_WithV1Secrets(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), time.Second*5) + defer cancel() + testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors4") + if err != nil { + t.Fatalf("could not get test secrets from GCP: %s", err) + } + secret := testSecrets.MustGetField("GITLAB") + secretInactive := testSecrets.MustGetField("GITLAB_INACTIVE") + type args struct { + ctx context.Context + data []byte + verify bool + } + tests := []struct { + name string + s Scanner + args args + want []detectors.Result + wantErr bool + wantVerificationErr bool + }{ + { + name: "verified v1 secret, not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("You can find a gitlab super secret %s within", secret)), + verify: true, + }, + want: nil, + wantErr: false, + }, + { + name: "verified v1 secret, not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("gitlab %s", secret)), + verify: true, + }, + want: nil, + wantErr: false, + }, + { + name: "unverified v1 secret, not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("You can find a gitlab secret %s within", secretInactive)), + verify: true, + }, + want: nil, + wantErr: false, + }, + { + name: "not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte("You cannot find the secret within"), + verify: true, + }, + want: nil, + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + tt.s.SetCloudEndpoint("https://gitlab.com") + tt.s.UseCloudEndpoint(true) + got, err := tt.s.FromData(tt.args.ctx, tt.args.verify, tt.args.data) + if (err != nil) != tt.wantErr { + t.Errorf("Gitlab.FromData() error = %v, wantErr %v", err, tt.wantErr) + return + } + for i := range got { + if len(got[i].Raw) == 0 { + t.Fatal("no raw secret present") + } + if (got[i].VerificationError() != nil) != tt.wantVerificationErr { + t.Fatalf(" wantVerificationError = %v, verification error = %v,", tt.wantVerificationErr, got[i].VerificationError()) + } + got[i].AnalysisInfo = nil + } + opts := cmpopts.IgnoreFields(detectors.Result{}, "Raw", "RawV2", "verificationError", "primarySecret") + if diff := cmp.Diff(got, tt.want, opts); diff != "" { + t.Errorf("Gitlab.FromData() %s diff: (-got +want)\n%s", tt.name, diff) + } + }) + } +} + +// This test ensures gitlab v3 detector does not work on gitlab v2 secrets +func TestGitlabV3_FromChunk_WithV2Secrets(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), time.Second*5) + defer cancel() + testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors4") + if err != nil { + t.Fatalf("could not get test secrets from GCP: %s", err) + } + secret := testSecrets.MustGetField("GITLABV2") + secretInactive := testSecrets.MustGetField("GITLABV2_INACTIVE") + + type args struct { + ctx context.Context + data []byte + verify bool + } + tests := []struct { + name string + s Scanner + args args + want []detectors.Result + wantErr bool + wantVerificationErr bool + }{ + { + name: "verified secret, not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("You can find a gitlab secret %s within", secret)), + verify: true, + }, + want: nil, + wantErr: false, + }, + { + name: "unverified secret, not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte(fmt.Sprintf("You can find a gitlab secret %s within", secretInactive)), + verify: true, + }, + want: nil, + wantErr: false, + }, + { + name: "not found", + s: Scanner{}, + args: args{ + ctx: context.Background(), + data: []byte("You cannot find the secret within"), + verify: true, + }, + want: nil, + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := tt.s.FromData(tt.args.ctx, tt.args.verify, tt.args.data) + if (err != nil) != tt.wantErr { + t.Errorf("Gitlab.FromData() error = %v, wantErr %v", err, tt.wantErr) + return + } + for i := range got { + if len(got[i].Raw) == 0 { + t.Fatal("no raw secret present") + } + if (got[i].VerificationError() != nil) != tt.wantVerificationErr { + t.Fatalf(" wantVerificationError = %v, verification error = %v,", tt.wantVerificationErr, got[i].VerificationError()) + } + got[i].AnalysisInfo = nil + } + opts := cmpopts.IgnoreFields(detectors.Result{}, "Raw", "RawV2", "verificationError") + if diff := cmp.Diff(got, tt.want, opts); diff != "" { + t.Errorf("Gitlab.FromData() %s diff: (-got +want)\n%s", tt.name, diff) + } + }) + } +} diff --git a/pkg/detectors/gitlab/v3/gitlab_v3_test.go b/pkg/detectors/gitlab/v3/gitlab_v3_test.go new file mode 100644 index 000000000000..4a901baf7c9b --- /dev/null +++ b/pkg/detectors/gitlab/v3/gitlab_v3_test.go @@ -0,0 +1,85 @@ +package gitlab + +import ( + "context" + "testing" + + "github.com/google/go-cmp/cmp" + + "github.com/trufflesecurity/trufflehog/v3/pkg/detectors" + "github.com/trufflesecurity/trufflehog/v3/pkg/engine/ahocorasick" +) + +func TestGitLab_Pattern(t *testing.T) { + d := Scanner{} + d.SetCloudEndpoint("https://gitlab.com") + d.UseCloudEndpoint(true) + ahoCorasickCore := ahocorasick.NewAhoCorasickCore([]detectors.Detector{d}) + + tests := []struct { + name string + input string + want []string + }{ + { + name: "valid pattern", + input: `[{ + "_id": "1a8d0cca-e1a9-4318-bc2f-f5658ab2dcb5", + "name": "Gitlab", + "type": "Detector", + "api": true, + "authentication_type": "", + "verification_url": "https://api.example.com/example", + "test_secrets": { + "gitlab_secret": "glpat-3fZ1p5y4XWcCvMGVlfakeW86MQp1Oml3Ymg0Cw.01.1203afake" + }, + "expected_response": "200", + "method": "GET", + "deprecated": false + }]`, + want: []string{"glpat-3fZ1p5y4XWcCvMGVlfakeW86MQp1Oml3Ymg0Cw.01.1203afakehttps://gitlab.com"}, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + matchedDetectors := ahoCorasickCore.FindDetectorMatches([]byte(test.input)) + if len(matchedDetectors) == 0 { + t.Errorf("keywords '%v' not matched by: %s", d.Keywords(), test.input) + return + } + + results, err := d.FromData(context.Background(), false, []byte(test.input)) + if err != nil { + t.Errorf("error = %v", err) + return + } + + if len(results) != len(test.want) { + if len(results) == 0 { + t.Errorf("did not receive result") + } else { + t.Errorf("expected %d results, only received %d", len(test.want), len(results)) + } + return + } + + actual := make(map[string]struct{}, len(results)) + for _, r := range results { + if len(r.RawV2) > 0 { + actual[string(r.RawV2)] = struct{}{} + } else { + actual[string(r.Raw)] = struct{}{} + } + } + expected := make(map[string]struct{}, len(test.want)) + for _, v := range test.want { + expected[v] = struct{}{} + } + + if diff := cmp.Diff(expected, actual); diff != "" { + t.Errorf("%s diff: (-want +got)\n%s", test.name, diff) + } + }) + } +} diff --git a/pkg/engine/defaults/defaults.go b/pkg/engine/defaults/defaults.go index a84945752460..0b272af4408e 100644 --- a/pkg/engine/defaults/defaults.go +++ b/pkg/engine/defaults/defaults.go @@ -329,6 +329,7 @@ import ( "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/githubapp" gitlabv1 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/gitlab/v1" gitlabv2 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/gitlab/v2" + gitlabv3 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/gitlab/v3" "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/gitter" "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/glassnode" "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/gocanvas" @@ -1199,6 +1200,7 @@ func buildDetectorList() []detectors.Detector { &githubv2.Scanner{}, &gitlabv1.Scanner{}, &gitlabv2.Scanner{}, + &gitlabv3.Scanner{}, &gitter.Scanner{}, &glassnode.Scanner{}, &gocanvas.Scanner{},