{% if trufflehog_data %}

TruffleHog — Secrets Findings

Total: {{ trufflehog_data|length }} {% set verified_count = trufflehog_data | selectattr('Verified') | list | length %} Verified: {{ verified_count }} Unverified: {{ trufflehog_data|length - verified_count }}
{% for finding in trufflehog_data %} {% set source_meta = finding.SourceMetadata if finding.SourceMetadata is defined else {} %} {% set data = source_meta.Data if source_meta.Data is defined else {} %} {% set git_data = data.Git if data.Git is defined else {} %} {% set fs_data = data.Filesystem if data.Filesystem is defined else {} %} {% set file_path = git_data.file if git_data.file else (fs_data.file_path if fs_data.file_path else (fs_data.path if fs_data.path else '')) %} {% set line = git_data.line if git_data.line else (fs_data.line if fs_data.line else finding.line if finding.line is defined else '') %} {% set detector = finding.DetectorName if finding.DetectorName is defined else '' %} {% set redacted = finding.Redacted if finding.Redacted is defined else '' %} {% set verified = finding.Verified if finding.Verified is defined else False %} {% set fingerprints = finding.fingerprints if finding.fingerprints is defined else {} %} {% set fingerprint_list = [] %} {% if fingerprints.secret %}{% set _ = fingerprint_list.append(('secret', fingerprints.secret)) %}{% endif %} {% if fingerprints.ctx %}{% set _ = fingerprint_list.append(('ctx', fingerprints.ctx)) %}{% endif %} {% if fingerprints.exact %}{% set _ = fingerprint_list.append(('exact', fingerprints.exact)) %}{% endif %} {% if fingerprints.ctx_soft %}{% set _ = fingerprint_list.append(('ctx_soft', fingerprints.ctx_soft)) %}{% endif %} {% set default_fp = '' %} {# Default to ctx fingerprint if available, then ctx_soft, otherwise first available #} {% if fingerprints.ctx %} {% set default_fp = fingerprints.ctx %} {% elif fingerprints.ctx_soft %} {% set default_fp = fingerprints.ctx_soft %} {% elif fingerprint_list|length > 0 %} {% set default_fp = fingerprint_list[0][1] %} {% endif %} {% set location_status = finding.location_status if finding.location_status is defined else '' %} {% set approx_line = finding.approx_line if finding.approx_line is defined else '' %} {% set redacted_v2 = finding.RedactedV2 if finding.RedactedV2 is defined else '' %} {% set detector_type = finding.DetectorType if finding.DetectorType is defined else '' %} {% set decoder_name = finding.DecoderName if finding.DecoderName is defined else '' %} {% set verified_at = finding.VerifiedAt if finding.VerifiedAt is defined else '' %} {% set repository = git_data.repository if git_data.repository is defined else '' %} {% set commit = git_data.commit if git_data.commit is defined else '' %} 0 %}data-fingerprints='{{ fingerprint_list|map(attribute=1)|list|tojson }}'{% endif %}> {% endfor %}
File Line Detector Redacted Secret Verified Waiver
{{ file_path | e }} {{ line | e }} {{ detector | e }} {{ redacted | e }} {% if verified %} ✅ Verified {% else %} ❌ Unverified {% endif %} {% if fingerprint_list|length > 0 %}
{% else %} — {% endif %}

Secret Details

{% if detector %}
Detector:
{{ detector | e }}
{% endif %} {% if detector_type %}
Detector Type:
{{ detector_type | e }}
{% endif %} {% if decoder_name %}
Decoder:
{{ decoder_name | e }}
{% endif %} {% if redacted %}
Redacted Secret:
{{ redacted | e }}
{% endif %} {% if redacted_v2 %}
Redacted (V2):
{{ redacted_v2 | e }}
{% endif %} {% if verified is defined %}
Verified:
{% if verified %} ✅ Verified {% else %} ❌ Unverified {% endif %}
{% endif %} {% if verified_at %}
Verified At:
{{ verified_at | e }}
{% endif %}

Location Details

{% if file_path %}
File:
{{ file_path | e }}
{% endif %} {% if line %}
Line:
{{ line | e }}
{% endif %} {% if approx_line %}
Approximate Line:
{{ approx_line | e }}
{% endif %} {% if location_status %}
Location Status:
{{ location_status | e }}
{% endif %} {% if repository %}
Repository:
{{ repository | e }}
{% endif %} {% if commit %}
Commit:
{{ commit[:12] | e }}
{% endif %}
{% if fingerprints %}

Fingerprints

{% if fingerprints.secret %}
Secret Fingerprint:
{{ fingerprints.secret | e }}
{% endif %} {% if fingerprints.exact %}
Exact Fingerprint:
{{ fingerprints.exact | e }}
{% endif %} {% if fingerprints.ctx %}
Context Fingerprint:
{{ fingerprints.ctx | e }}
{% endif %} {% if fingerprints.ctx_soft %}
Soft Context Fingerprint:
{{ fingerprints.ctx_soft | e }}
{% endif %}

Fingerprint Types:
SECRET: Hash-based identifier derived from the normalized secret value. Stable across file moves and commits, safe to store publicly.
EXACT: Location-bound identifier derived from detector name, file content hash, and byte span. Binds tightly to a specific file revision.
CTX: Contextual identifier derived from detector name, relative file path, and redacted context window. Remains valid through small edits.

{% endif %}
{% endif %}