Update PreCommit.md with audit mode details (#4280)

2025-10-10 12:53:31 +02:00 · 2025-08-14 14:07:00 -04:00
parent acdd6f846f
commit c1fd84c415
1 changed files with 18 additions and 0 deletions
--- a/PreCommit.md
+++ b/PreCommit.md
@@ -160,6 +160,24 @@ In rare cases, you may need to bypass pre-commit hooks:
 git commit --no-verify -m "Your commit message"
 ```

+### Running in Audit Mode
+
+You can run the TruffleHog pre-commit hook in an "audit" or "non-enforcement" mode to test the git hook with the following commands:
+
+Local Binary Version:
+```bash
+trufflehog git file://. --since-commit HEAD --results=verified,unknown 2>/dev/null
+```
+
+Docker Container Version:
+```bash
+docker run --rm -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --since-commit HEAD --results=verified,unknown 2>/dev/null
+```
+
+This change does two things: (1) removes the `--fail` flag, which means the pre-commit hook will *always* pass, (2) suppresses `stderr` output, so only verified secrets are printed to the terminal output.
+
+**For users of the Pre-Commit Framework: add the `verbose: true` flag during audit mode; otherwise, the hook will pass, and you won't see any secrets.**
+
 ## Troubleshooting

 ### Hook Not Running