Show HN: Layerleak – Like Trufflehog, but for Docker Hub

(github.com)

5 points | by brumbelow 1 hour ago

2 comments

darknavi 1 hour ago
A small ask: Don't have the main tag like for your product refer to another product. I know what Docker Hub is, but I have no idea what Trufflehog is.
The first like of the GitHub README is much better IMO: layerleak the Docker Hub Secret Scanner
[-]
- brumbelow 1 hour ago
  Thanks for the advice! Did not even consider that. I just updated it
brumbelow 1 hour ago
I couldn't find anything comparable to Trufflehog for Docker images, even though I have constantly read articles about "secrets discovered in public images." So I built my own (hopefully) comparable tool.
[-]
- captn3m0 49 minutes ago
  But trufflehog supports docker images already? The trufflehog readme has examples[0]
```
    # to scan from a remote registry
    trufflehog docker --image trufflesecurity/secrets 
    # to scan from the local docker daemon

    trufflehog docker --image docker://new_image:tag

    # to scan from an image saved as a tarball
    trufflehog docker --image file://path_to_image.tar
```
  [0]: https://github.com/trufflesecurity/trufflehog#11-scan-a-dock...
  [-]
  - brumbelow 47 minutes ago
    That's true, but as you can see from your paste, Trufflehog requires the docker daemon and is generally pretty resource intensive while scanning.
    layerleak has neither of those issues or requirements.
    Try it and let me know what you think.