Releases: godaddy/tartufo

Version 3.0.0-alpha.1

11 Nov 18:17
ca46e5c
Pre-release

Welcome to the first alpha release for tartufo v3.0! This is to give users a sneak peek at what new features and fixes we have in store, to help us shake out any bugs we might have missed, and get us feedback on the future of tartufo. Please enjoy, and be sure to file issues for anything you notice!

Full Changelog: v2.10.0...v3.0.0-alpha.1

Version v2.10.0

03 Nov 22:03
77ca193

Bug fixes:

  • #247 All versions of tartufo from v2.2.0 through v2.9.0 inclusive mishandle scan-remote-repo. Only the repository's default branch was scanned, and secrets present in other branches would not be discovered. Additionally, the --branch branch-name option did not operate correctly for remote repositories. Some versions would scan nothing and report no errors, and other versions aborted immediately, claiming the branch did not exist (even if it did). v2.10.0 corrects these problems and may detect secrets that were not reported by previous versions.

Features:

  • #231 Change toml parsing library to use tomlkit

Other changes:

  • #251 Document update to use --no-fetch flag to all scan-local-repo

Version 2.9.0

19 Oct 18:45
4f06f89

Full Changelog: v2.8.1...v2.9.0

Version 2.8.1

11 Oct 16:01
0e985f1

Bug fixes:

  • #222 - Allow exclude-entropy-patterns to match lines containing partial matches -- thanks to @kbartholomew-godaddy for the work on this one!

Version 2.8.0

14 Sep 19:11
b57ab7a

Features:

  • #83 - New scan-folder command to scan files without viewing as a git repository.

Bug fixes:

  • #220 - Display an explicit error message when a requested branch is not found, as opposed to failing silently.

Misc:

  • #219 - Incremental optimizations; using __slots__ for the Issue class to improve memory consumption, and a small logic speed-up in when we generate the diff between commits. Both of these should help at least some when it comes to scanning very large repositories.

Version 2.7.1

23 Aug 20:47
ee84de8

Bug fixes:

  • #211 - Attempt to fix a case where output encoding could be set to cp1252 on Windows, which would cause a crash if unicode characters were printed. Now issues are output as utf-8 encoded bytestreams instead.

Version 2.7.0

10 Aug 19:47
8bbfd17

Features:

  • #96 - Explicitly handle submodules. Basically, always ignore them by default. There is also a new option to toggle this functionality: --include-submodules
  • Add exclude_entropy_patterns to output

Version 2.6.0

30 Jun 20:25
edad1e4

Features:

  • #194 - Half bugfix, half feature. Now when an excluded signature in your config file is found as an entropy match, tartufo will realize that and no longer report it as an issue.
  • #5 - Remove the dependency on truffleHogRegexes. This enables us to take full control of the default set of regex checks.

Bug fixes:

  • #179 - Iterate over commits in topological order, instead of date order.

Version 2.5.0

15 Jun 17:51
7b340aa

Features:

  • #145 - Adds --exclude-path-patterns and --include-path-patterns to simplify config in a single .toml file
  • #87 - Adds --exclude-entropy-patterns to allow for regex-based exclusions

Bug fixes:

  • Write debug log entries when binary files are encountered
  • Pinned all linting tools to specific versions and set all tox envs to use poetry
  • Disabled codecov due to security breach

Version 2.4.0

05 Mar 15:29
7779126

Features:

  • #76 - Added logging! You can now use the -v/--verbose option to increase the amount of output from tartufo. Specifying multiple times will incrementally increase what is output.
  • Added a --log-timestamps/--no-log-timestamps option (default: True) so that timestamps can be hidden in log messages. This could be helpful when, for example, comparing the output from multiple runs.
  • #107 - Added a --compact/--no-compact option for abbreviated output on found issues, to avoid unintentionally spamming yourself. (Thanks to @dclayton-godaddy for his work on this one)

Bug fixes:

  • #158 - The --branch option was broken and would not actually scan anything