GITBOOK-477: No subject

Author: Whitespots

appsec-portal/scanners/scanner-description/secret-scanners/trufflehog3.md

@@ -6,6 +6,36 @@ description: >-
 
 # Trufflehog3
 
+**Auditor Job Name**: Trufflehog3 Scan\
+**Auditor image:** registry.gitlab.com/whitespots/devsecops/security-images/trufflehog3:latest\
+**AppSec Portal Importer Name**: Trufflehog3 Scan
+
 [Trufflehog3](https://github.com/feeltheajf/trufflehog3) uses _regular expressions_ to scan for patterns that match common formats for **secret keys**, such as **AWS keys**, **private keys**, and other sensitive data. It can also detect **secrets that have been obfuscated** or **encoded** in various ways, making it a valuable tool for detecting even well-hidden secrets.
 
 While Trufflehog3 is primarily used for detecting secrets and credentials, it can also be used to search for other types of sensitive data, such as **Personally Identifiable Information (PII)**. This makes it a versatile tool for ensuring the security and privacy of your codebase.
+
+#### Curl example
+
+{% code overflow="wrap" %}
+```
+curl -X POST localhost/api/v1/scan/import/ -H "Authorization: Token a75bb26171cf391671e67b128bfc8ae1c779ff7b" -H "Content-Type: multipart/form-data" -F "file=@./trufflehog3.json" -F "product_name=Product1" -F "product_type=Application" -F "scanner_name=Trufflehog3 Scan" -F "branch=dev" -F "repository=git@gitlab.com:whitespots-public/appsec-portal.git"
+```
+{% endcode %}
+
+In this command, the following parameters are used:
+
+1. `-X POST`: specifies the HTTP method to be used (in this case, POST)
+2. `-H "Authorization: Token <authorization_token>"`: specifies the [**authorization token**](../../importing-reports-from-scanners-to-appsec-portal/#authorization-token) obtained from AppSec Portal.
+3. `-H "Content-Type: multipart/form-data"`: specifies the content type of the request.
+4. `-F "file=@<report_file_path>"`: specifies the **path to the report file** generated by the scanner.
+5. `-F "product_name=<product_name>"`: specifies the **name of the product** being scanned.
+6. `-F "product_type=<product_type>"`: specifies the **type of the product** being scanned.
+7. `-F "scanner_name=<scanner_name>"`: specifies the **name of the scanner** used to generate the report (Trufflehog3 Scan)
+8. `-F "branch=<branch_name>"`: (_optional_) specifies the name of the branch in the source code repository (if applicable) This parameter is particularly useful when you want to associate the scan results with a specific branch in your repository. If not provided, the scan will be associated with the default branch
+
+Asset information, if an [auditor ](broken-reference)is used
+
+9. `-F "repository=<repository SSH URL>"`: If your product is **code** in a repository enter the address of your **repository** in a specific format, for example: git@gitlab.com:whitespots-public/appsec-portal.git
+10. &#x20;\-F "docker\_image=\<registry address>": If your product is **image** enter the address of the **registry** where your product is located, for example: registry.gitlab.com/whitespots-public/appsec-portal/back/auto\_validator:latest
+11. \-F "domain=\<domain>": If your product is **web** enter the **domain name** of your product, for example: whitespots.io
+12. \-F "host=\<host>": If your product is **web** enter the **IP address** of your product, for example: 0.0.0.0