Hugging Face integrates TruffleHog to scan for secrets across models, datasets, and Spaces

AI Impact Summary

Hugging Face has integrated TruffleHog to augment its automated scanning pipeline, enabling detection of secrets such as credentials, tokens, and keys across code files. The native TruffleHog Hugging Face integration can scan models, datasets, and Spaces, as well as related PRs or Discussions, with email notifications when a verified secret is detected. Note that unverified secrets may still appear due to provider downtime or verification failures, and files stored in LFS are not scanned yet; the team plans to migrate to a native Hugging Face scanner once LFS support lands, expanding coverage.