Announcing tartufo v3.0!

As I’ve written about previously, tartufo is a tool vital to our organization. It helps us to ensure that our source code is clear of all forms of credentials, secrets, keys, and things we just generally don’t want to see potentially getting exposed. It is just one small, yet absolutely vital, link in our security toolchain. So it is with this in mind that I am now pleased to announce the release of tartufo v3.0!

Previously, in tartufo 2.0

With our previous major version bump, v2.0, the goal was to improve the developer experience. The project from which we originated our work, truffleHog, was and still is, an amazingly powerful tool. But it left some things to be desired from a developer perspective. So we set to work to improve this: we split the code into distinct modules, separating the CLI from the API; we moved the code into a hierarchy of classes to enable future growth; we moved the different “modes” of operation into sub-commands to further de-clutter the codebase. But all of this work did little to help out those who matter most: the users of this tool.

Fast Forward to Today

So, with that in mind, our major focus in v3.0 has been to vastly improve the user experience! We have taken countless bits of feedback from our users around what they liked, what they didn’t like, what was great, what was just flat broken, and we’ve done our best to improve on as many of those things as possible. Our goal with this new major release is to take a tool that can oftentimes be frustrating and confusing for a user, into a tool that developers truly don’t mind, and in fact want to have as part of their toolchain! To escape the shackles of the classic security conundrum, where the tools are often so cumbersome and difficult to use that developers would rather forego them, despite the cost.

Many developer hours have gone into this new release, and it would not be possible without all of the fine contributors both from GoDaddy engineers, as well as a number of new external contributors! I would like, however, to give a very special shout-out to our very own Jeremiah Gowdy. His initial work on porting the backend of tartufo to use pygit2 paved the way for much of the speed gains in this release, and without his efforts, this certainly would not have happened in the time frame that it did. Thank you, Jeremiah!

And that brings us to the big question: What’s so great about this new version?

The New Hotness

Here is a summary of the big-ticket items we’ve added, fixed, or improved for this new major release.


Configuration Changes

Bug Fixes

Other Contributors

Additional contributions were made by Erik Owen, Mertay Dayanc, and Anatoliy Serputov. Without their work, this release would not have been possible!

Looking to the Future

As you can see, a great deal of work has gone into this release. And these are only the largest changes listed here! We hope that this gives you some idea of what we’ve been working on, and we hope that this new release truly does provide for a better experience for you. Please let us know in the issues or discussions what you think, what you like, or what problems you find! Who knows, maybe we’ll be adding your name to this list of contributors for the next major release!

But Wait, There’s More!

You didn’t think that was all we had for you, did you? Of course not!

In addition to all the work that has gone into this new release for tartufo, our very own Wayne Berry has been working on a VSCode extension that will help identify high entropy strings, and get exclusions added to your tartufo.toml configuration file, right from your editor!

You can check out the source code here, or head over to the Visual Studio Marketplace to install it here. And if you don’t believe yet how wonderful this is, check it out in action below!

VSCode extension screenshot

Join Us!

Want to help us work on these tools and help empower the future of Everyday Entrepreneurs? GoDaddy is always looking for more talented individuals! Check out our careers page to find the role that is perfect for you!