Case Study: Cmd achieves stronger secrets control and fewer false positives with TruffleHog from Truffle Security

Cmd takes control of their secrets with TruffleHog to eliminate “smoldering fires”

Cmd, a security company later acquired by Elasticsearch, Inc., faced the challenge of preventing secret key exposure across platforms like GitHub and Slack as their distributed development team moved at a rapid pace. Their goals were to eliminate these leaks, establish a shift-left approach, and reduce false positive noise. Out of necessity, they turned to Truffle Security for its solution.

By implementing Truffle Security's TruffleHog, Cmd integrated seamless, automated secret scanning into their workflow. The solution provided live alerts in Slack, enabling immediate remediation and a true shift-left process. This eliminated manual searches for secrets and significantly reduced exposure without adding noise. Furthermore, TruffleHog enhanced Cmd's security posture, allowing them to confidently report this control to clients and auditors.

Cmd

Jake King

Co-founder & Chief Security Officer