Why use tartufo over gitleaks?

[bittner]

I found out about tartufo recently, and I tried - unsuccessfully - to understand the differences compared to gitleaks. There doesn't seem to be much content on this on the Web.

Could someone explain the key differences, maybe also with more tools, other than gitleaks, if any, and what makes tartufu particularly stand out?

[sushantmimani]

Hi @bittner ,

While both these tools provide similar functionalities, Tartufo uses a combination of entropy checks and regex matching by default to find secrets. If I understand correctly, gitleaks uses only regex matching by default. Tartufo also allows remote scanning on repos.