Hugging Face integrates TruffleHog for secret scanning

AI Impact Summary

Hugging Face has integrated TruffleHog to proactively scan its platform for secrets, expanding security coverage beyond malware scanning. This integration includes automated scanning of models, datasets, Spaces, and associated PRs and discussions, leveraging TruffleHog’s open-source tool to detect and verify secret leaks. The initial implementation focuses on scanning repositories via the `trufflehog huggingface` command, notifying users of detected secrets and empowering them to take corrective action.