Go modules · proxy.golang.org

github.com/trufflesecurity/truffleHog/v3

Webhook Exfil Endpoint: matched "canarytokens.org"

Why PkgRadar flagged v3.95.4

Severity	Signal	Evidence
high	Webhook Exfil Endpoint	matched "canarytokens.org" · github.com/trufflesecurity/trufflehog/[email protected]/pkg/detectors/aws/access_keys/canary.go
medium	Remote Payload	matched "cURL " · github.com/trufflesecurity/trufflehog/[email protected]/pkg/analyzer/analyzers/ngrok/models.go
medium	Remote Payload	matched "curl " · github.com/trufflesecurity/trufflehog/[email protected]/pkg/analyzer/analyzers/slack/permissions.go
medium	Remote Payload	matched "raw.githubusercontent.com" · github.com/trufflesecurity/trufflehog/[email protected]/pkg/detectors/github/v1/github_old.go
medium	Remote Payload	matched "api.github.com/graphql" · github.com/trufflesecurity/trufflehog/[email protected]/pkg/sources/github/connector.go
medium	Remote Payload	matched "api.github.com/graphql" · github.com/trufflesecurity/trufflehog/[email protected]/pkg/sources/github_experimental/object_discovery.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v3.95.4`	High risk	145	2026-06-08
`v3.95.6-0.20260605195743-b32841520c47`	High risk	145	2026-06-08
`v3.95.5`	High risk	145	2026-06-08

Block this in CI

PkgRadar gates github.com/trufflesecurity/truffleHog/v3 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/trufflesecurity/truffleHog/[email protected]