feat(git,github): add --since date filter to git and github scans

main.go

@@ -102,6 +102,7 @@ var (
 	gitScanBranch          = gitScan.Flag("branch", "Branch to scan.").String()
 	gitScanMaxDepth        = gitScan.Flag("max-depth", "Maximum depth of commits to scan.").Int()
 	gitScanBare            = gitScan.Flag("bare", "Scan bare repository (e.g. useful while using in pre-receive hooks)").Bool()
+	gitScanSinceDate       = gitScan.Flag("since", "Scan commits more recent than a specific date (e.g. 2024-01-01).").String()
 	gitClonePath           = gitScan.Flag("clone-path", "Custom path where the repository should be cloned (default: temp dir).").String()
 	gitNoCleanup           = gitScan.Flag("no-cleanup", "Do not delete cloned repositories after scanning (can only be used with --clone-path).").Bool()
 	gitTrustLocalGitConfig = gitScan.Flag("trust-local-git-config", "Trust local git config.").Bool()
@@ -129,6 +130,7 @@ var (
 	githubClonePath             = githubScan.Flag("clone-path", "Custom path where the repository should be cloned (default: temp dir).").String()
 	githubNoCleanup             = githubScan.Flag("no-cleanup", "Do not delete cloned repositories after scanning (can only be used with --clone-path).").Bool()
 	githubIgnoreGists           = githubScan.Flag("ignore-gists", "Ignore all gists in scan.").Bool()
+	githubScanSinceDate         = githubScan.Flag("since", "Scan commits more recent than a specific date (e.g. 2024-01-01).").String()
 
 	// GitHub Cross Fork Object Reference Experimental Feature
 	githubExperimentalScan = cli.Command("github-experimental", "Run an experimental GitHub scan. Must specify at least one experimental sub-module to run: object-discovery.")
@@ -808,6 +810,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			NoCleanup:           *gitNoCleanup,
 			PrintLegacyJSON:     *jsonLegacy,
 			TrustLocalGitConfig: *gitTrustLocalGitConfig,
+			SinceDate:           *gitScanSinceDate,
 		}
 
 		// detect if trufflehog is running git source as a pre-commit hook
@@ -870,6 +873,7 @@ func runSingleScan(ctx context.Context, cmd string, cfg engine.Config) (metrics,
 			NoCleanup:                  *githubNoCleanup,
 			IgnoreGists:                *githubIgnoreGists,
 			PrintLegacyJSON:            *jsonLegacy,
+			SinceDate:                  *githubScanSinceDate,
 		}
 
 		if ref, err := eng.ScanGitHub(ctx, cfg); err != nil {

pkg/engine/git.go

@@ -44,5 +44,9 @@ func (e *Engine) ScanGit(ctx context.Context, c sources.GitConfig) (sources.JobP
 		return sources.JobProgressRef{}, err
 	}
 
+	if c.SinceDate != "" {
+		gitSource.ApplyScanOption(git.ScanOptionSinceDate(c.SinceDate))
+	}
+
 	return e.sourceManager.EnumerateAndScan(ctx, sourceName, gitSource)
 }

pkg/engine/github.go

@@ -55,6 +55,11 @@ func (e *Engine) ScanGitHub(ctx context.Context, c sources.GithubConfig) (source
 		git.ScanOptionFilter(c.Filter),
 		git.ScanOptionLogOptions(logOptions),
 	}
+
+	if c.SinceDate != "" {
+		opts = append(opts, git.ScanOptionSinceDate(c.SinceDate))
+	}
+
 	scanOptions := git.NewScanOptions(opts...)
 
 	sourceName := "trufflehog - github"

pkg/sources/git/git.go

@@ -145,6 +145,15 @@ func (s *Source) withScanOptions(scanOptions *ScanOptions) {
 	s.scanOptions = scanOptions
 }
 
+// ApplyScanOption applies an additional scan option on top of the source's existing scan options.
+// This can be used after Init to augment options without replacing the full set.
+func (s *Source) ApplyScanOption(opt ScanOption) {
+	if s.scanOptions == nil {
+		s.scanOptions = NewScanOptions()
+	}
+	opt(s.scanOptions)
+}
+
 // Init returns an initialized Git source.
 func (s *Source) Init(aCtx context.Context, name string, jobId sources.JobID, sourceId sources.SourceID, verify bool, connection *anypb.Any, concurrency int) error {
 	s.name = name
@@ -704,7 +713,13 @@ func (s *Git) ScanCommits(ctx context.Context, repo *git.Repository, path string
 		logValues = append(logValues, "max_depth", scanOptions.MaxDepth)
 	}
 
-	diffChan, err := s.parser.RepoPath(repoCtx, path, scanOptions.HeadHash, scanOptions.BaseHash == "", scanOptions.ExcludeGlobs, isRepoBare(path))
+	var additionalArgs []string
+	if scanOptions.SinceDate != "" {
+		additionalArgs = append(additionalArgs, fmt.Sprintf("--after=%s", scanOptions.SinceDate))
+		repoCtx.Logger().V(2).Info("limiting git log by date", "since", scanOptions.SinceDate)
+	}
+
+	diffChan, err := s.parser.RepoPath(repoCtx, path, scanOptions.HeadHash, scanOptions.BaseHash == "", scanOptions.ExcludeGlobs, isRepoBare(path), additionalArgs...)
 	if err != nil {
 		return err
 	}

pkg/sources/git/scan_options.go

@@ -13,6 +13,7 @@ type ScanOptions struct {
 	Bare         bool
 	ExcludeGlobs []string
 	LogOptions   *git.LogOptions
+	SinceDate    string
 }
 
 type ScanOption func(*ScanOptions)
@@ -59,6 +60,12 @@ func ScanOptionBare(bare bool) ScanOption {
 	}
 }
 
+func ScanOptionSinceDate(sinceDate string) ScanOption {
+	return func(scanOptions *ScanOptions) {
+		scanOptions.SinceDate = sinceDate
+	}
+}
+
 func NewScanOptions(options ...ScanOption) *ScanOptions {
 	scanOptions := &ScanOptions{
 		Filter:   common.FilterEmpty(),

pkg/sources/sources.go

@@ -291,6 +291,8 @@ type GitConfig struct {
 	PrintLegacyJSON bool
 	// TrustLocalGitConfig allows to trust the local git config.
 	TrustLocalGitConfig bool
+	// SinceDate limits scanning to commits more recent than the specified date.
+	SinceDate string
 }
 
 // GithubConfig defines the optional configuration for a github source.
@@ -336,6 +338,8 @@ type GithubConfig struct {
 	IgnoreGists bool
 	// PrintLegacyJSON indicates whether to print legacy JSON output format for this source.
 	PrintLegacyJSON bool
+	// SinceDate limits scanning to commits more recent than the specified date.
+	SinceDate string
 }
 
 // GitHubExperimentalConfig defines the optional configuration for an experimental GitHub source.