trufflesecurity · casey-tran · Mar 27, 2026 · Mar 27, 2026
@@ -1,6 +1,16 @@
 # catch-all
 * @trufflesecurity/product-eng
 
+# Shared
+pkg/decoders/ @trufflesecurity/Scanning @trufflesecurity/OSS
+pkg/engine/ @trufflesecurity/Scanning  @trufflesecurity/OSS
+pkg/gitparse/ @trufflesecurity/Scanning  @trufflesecurity/OSS
+pkg/giturl/ @trufflesecurity/Scanning  @trufflesecurity/OSS
+pkg/handlers/ @trufflesecurity/Scanning  @trufflesecurity/OSS
+pkg/iobuf/ @trufflesecurity/Scanning  @trufflesecurity/OSS
+pkg/sanitizer/ @trufflesecurity/Scanning  @trufflesecurity/OSS
+proto/ @trufflesecurity/Scanning  @trufflesecurity/Integrations
+
 # Scanning
 pkg/sources/ @trufflesecurity/Scanning
 pkg/writers/ @trufflesecurity/Scanning
@@ -18,16 +28,7 @@ pkg/sources/jenkins/ @trufflesecurity/Integrations
 pkg/sources/postman/ @trufflesecurity/Integrations
 pkg/sources/s3/ @trufflesecurity/Integrations
 pkg/sources/travisci/ @trufflesecurity/Integrations
-
-# Shared
-pkg/decoders/ @trufflesecurity/Scanning @trufflesecurity/OSS
-pkg/engine/ @trufflesecurity/Scanning  @trufflesecurity/OSS
-pkg/gitparse/ @trufflesecurity/Scanning  @trufflesecurity/OSS
-pkg/giturl/ @trufflesecurity/Scanning  @trufflesecurity/OSS
-pkg/handlers/ @trufflesecurity/Scanning  @trufflesecurity/OSS
-pkg/iobuf/ @trufflesecurity/Scanning  @trufflesecurity/OSS
-pkg/sanitizer/ @trufflesecurity/Scanning  @trufflesecurity/OSS
-proto/ @trufflesecurity/Scanning  @trufflesecurity/Integrations
+proto/detector_type.proto @trufflesecurity/Integrations
 
 # OSS
 pkg/detectors/ @trufflesecurity/OSS

@@ -8,23 +8,23 @@ import (
 	"strings"
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
-	dpb "github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
+	dtpb "github.com/trufflesecurity/trufflehog/v3/pkg/pb/detector_typepb"
 )
 
 var (
 	specialGroups = map[string][]DetectorID{
 		"all": allDetectors(),
 	}
 
-	detectorTypeValue = make(map[string]dpb.DetectorType, len(dpb.DetectorType_value))
-	validDetectors    = make(map[dpb.DetectorType]struct{}, len(dpb.DetectorType_value))
-	maxDetectorType   dpb.DetectorType
+	detectorTypeValue = make(map[string]dtpb.DetectorType, len(dtpb.DetectorType_value))
+	validDetectors    = make(map[dtpb.DetectorType]struct{}, len(dtpb.DetectorType_value))
+	maxDetectorType   dtpb.DetectorType
 )
 
 // Setup package local global variables.
 func init() {
-	for k, v := range dpb.DetectorType_value {
-		dt := dpb.DetectorType(v)
+	for k, v := range dtpb.DetectorType_value {
+		dt := dtpb.DetectorType(v)
 		detectorTypeValue[strings.ToLower(k)] = dt
 		validDetectors[dt] = struct{}{}
 		if dt > maxDetectorType {
@@ -37,7 +37,7 @@ func init() {
 // way for users to identify detectors, whether unique or not. A DetectorID
 // with Version = 0 indicates all possible versions of a detector.
 type DetectorID struct {
-	ID      dpb.DetectorType
+	ID      dtpb.DetectorType
 	Version int
 }
 
@@ -117,7 +117,7 @@ func ParseVerifierEndpoints(verifierURLs map[string]string) (map[DetectorID][]st
 }
 
 func (id DetectorID) String() string {
-	name := dpb.DetectorType_name[int32(id.ID)]
+	name := dtpb.DetectorType_name[int32(id.ID)]
 	if name == "" {
 		name = "<invalid ID>"
 	}
@@ -129,9 +129,9 @@ func (id DetectorID) String() string {
 
 // allDetectors returns an ordered slice of all detector types.
 func allDetectors() []DetectorID {
-	all := make([]DetectorID, 0, len(dpb.DetectorType_name))
-	for id := range dpb.DetectorType_name {
-		all = append(all, DetectorID{ID: dpb.DetectorType(id)})
+	all := make([]DetectorID, 0, len(dtpb.DetectorType_name))
+	for id := range dtpb.DetectorType_name {
+		all = append(all, DetectorID{ID: dtpb.DetectorType(id)})
 	}
 	sort.Slice(all, func(i, j int) bool { return all[i].ID < all[j].ID })
 	return all
@@ -173,7 +173,7 @@ func asRange(input string) ([]DetectorID, error) {
 		return nil, fmt.Errorf("versions within ranges are not supported: %s", input)
 	}
 
-	step := dpb.DetectorType(1)
+	step := dtpb.DetectorType(1)
 	if dtStart.ID > dtEnd.ID {
 		step = -1
 	}
@@ -212,7 +212,7 @@ func asDetectorID(input string) (DetectorID, error) {
 	}
 	// Check if it's a detector ID.
 	if i, err := strconv.ParseInt(input, 10, 32); err == nil {
-		dt := dpb.DetectorType(i)
+		dt := dtpb.DetectorType(i)
 		if _, ok := validDetectors[dt]; !ok {
 			return DetectorID{}, fmt.Errorf("invalid detector ID: %s", input)
 		}

@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-	dpb "github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
+	dtpb "github.com/trufflesecurity/trufflehog/v3/pkg/pb/detector_typepb"
 )
 
 func TestDetectorParsing(t *testing.T) {
@@ -15,22 +15,22 @@ func TestDetectorParsing(t *testing.T) {
 		"all":                       {"AlL", allDetectors()},
 		"trailing range":            {"0-", allDetectors()},
 		"all after 1":               {"1-", allDetectors()[1:]},
-		"named and valid range":     {"aWs,8-9", []DetectorID{{ID: dpb.DetectorType_AWS}, {ID: dpb.DetectorType_Github}, {ID: dpb.DetectorType_Gitlab}}},
+		"named and valid range":     {"aWs,8-9", []DetectorID{{ID: dtpb.DetectorType_AWS}, {ID: dtpb.DetectorType_Github}, {ID: dtpb.DetectorType_Gitlab}}},
 		"duplicate order preserved": {"9, 8, 9", []DetectorID{{ID: 9}, {ID: 8}}},
-		"named range":               {"github - gitlab", []DetectorID{{ID: dpb.DetectorType_Github}, {ID: dpb.DetectorType_Gitlab}}},
+		"named range":               {"github - gitlab", []DetectorID{{ID: dtpb.DetectorType_Github}, {ID: dtpb.DetectorType_Gitlab}}},
 		"range preserved":           {"8-9, 7-10", []DetectorID{{ID: 8}, {ID: 9}, {ID: 7}, {ID: 10}}},
 		"reverse range":             {"9-8", []DetectorID{{ID: 9}, {ID: 8}}},
 		"range preserved with all":  {"10-,all", append(allDetectors()[10:], allDetectors()[:10]...)},
 		"empty list item":           {"8, ,9", []DetectorID{{ID: 8}, {ID: 9}}},
 		"invalid end range":         {"0-1337", nil},
 		"invalid name":              {"foo", nil},
 		"negative":                  {"-1", nil},
-		"github.v1":                 {"github.v1", []DetectorID{{ID: dpb.DetectorType_Github, Version: 1}}},
-		"gitlab.v100":               {"gitlab.v100", []DetectorID{{ID: dpb.DetectorType_Gitlab, Version: 100}}},
+		"github.v1":                 {"github.v1", []DetectorID{{ID: dtpb.DetectorType_Github, Version: 1}}},
+		"gitlab.v100":               {"gitlab.v100", []DetectorID{{ID: dtpb.DetectorType_Gitlab, Version: 100}}},
 		"range with versions":       {"github.v2 - gitlab.v1", nil},
 		"invalid version no v":      {"gitlab.2", nil},
 		"invalid version no number": {"gitlab.github", nil},
-		"capital V is fine":         {"GiTlAb.V2", []DetectorID{{ID: dpb.DetectorType_Gitlab, Version: 2}}},
+		"capital V is fine":         {"GiTlAb.V2", []DetectorID{{ID: dtpb.DetectorType_Gitlab, Version: 2}}},
 		"id number with version":    {"8.v2", []DetectorID{{ID: 8, Version: 2}}},
 	}
 

@@ -16,7 +16,7 @@ import (
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/custom_detectorspb"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detector_typepb"
 )
 
 // The maximum number of matches from one chunk. This const is used when
@@ -222,7 +222,7 @@ func (c *CustomRegexWebhook) createResults(ctx context.Context, match map[string
 	}
 
 	result := detectors.Result{
-		DetectorType: detectorspb.DetectorType_CustomRegex,
+		DetectorType: detector_typepb.DetectorType_CustomRegex,
 		DetectorName: c.GetName(),
 		ExtraData:    map[string]string{},
 	}
@@ -398,8 +398,8 @@ func permutateMatches(regexMatches map[string][][]string) []map[string][]string
 	return matches
 }
 
-func (c *CustomRegexWebhook) Type() detectorspb.DetectorType {
-	return detectorspb.DetectorType_CustomRegex
+func (c *CustomRegexWebhook) Type() detector_typepb.DetectorType {
+	return detector_typepb.DetectorType_CustomRegex
 }
 
 const defaultDescription = "This is a user-defined detector with no description provided."

@@ -11,7 +11,7 @@ import (
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/custom_detectorspb"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detector_typepb"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/protoyaml"
 )
 
@@ -317,7 +317,7 @@ func TestDetectorValidations(t *testing.T) {
 			},
 			want: []detectors.Result{
 				{
-					DetectorType: detectorspb.DetectorType_CustomRegex,
+					DetectorType: detector_typepb.DetectorType_CustomRegex,
 					DetectorName: "test",
 					Verified:     false,
 					Raw:          []byte("MyStr0ngP@ssword!"),
@@ -364,7 +364,7 @@ func TestDetectorValidations(t *testing.T) {
 			},
 			want: []detectors.Result{
 				{
-					DetectorType: detectorspb.DetectorType_CustomRegex,
+					DetectorType: detector_typepb.DetectorType_CustomRegex,
 					DetectorName: "test",
 					Verified:     false,
 					Raw:          []byte("MyStrongPassword!"),
@@ -411,7 +411,7 @@ func TestDetectorValidations(t *testing.T) {
 			},
 			want: []detectors.Result{
 				{
-					DetectorType: detectorspb.DetectorType_CustomRegex,
+					DetectorType: detector_typepb.DetectorType_CustomRegex,
 					DetectorName: "test",
 					Verified:     false,
 					Raw:          []byte("MyStrongPassword!"),
@@ -458,7 +458,7 @@ func TestDetectorValidations(t *testing.T) {
 			},
 			want: []detectors.Result{
 				{
-					DetectorType: detectorspb.DetectorType_CustomRegex,
+					DetectorType: detector_typepb.DetectorType_CustomRegex,
 					DetectorName: "test",
 					Verified:     false,
 					Raw:          []byte("MyStr@ngP@ssword!"),
@@ -506,7 +506,7 @@ func TestDetectorValidations(t *testing.T) {
 			},
 			want: []detectors.Result{
 				{
-					DetectorType: detectorspb.DetectorType_CustomRegex,
+					DetectorType: detector_typepb.DetectorType_CustomRegex,
 					DetectorName: "test",
 					Verified:     false,
 					Raw:          []byte("MyStrongP@ssword"),
@@ -554,7 +554,7 @@ func TestDetectorValidations(t *testing.T) {
 			},
 			want: []detectors.Result{
 				{
-					DetectorType: detectorspb.DetectorType_CustomRegex,
+					DetectorType: detector_typepb.DetectorType_CustomRegex,
 					DetectorName: "test",
 					Verified:     false,
 					Raw:          []byte("mystrongp@ssword"),
@@ -590,7 +590,7 @@ func TestDetectorValidations(t *testing.T) {
 			},
 			want: []detectors.Result{
 				{
-					DetectorType: detectorspb.DetectorType_CustomRegex,
+					DetectorType: detector_typepb.DetectorType_CustomRegex,
 					DetectorName: "test",
 					Verified:     false,
 					Raw:          []byte("c392c9837d69b44c764cbf260b-e6184MyStrongP@ssword"),

@@ -3,13 +3,14 @@ package abstract
 import (
 	"context"
 	"fmt"
-	regexp "github.com/wasilibs/go-re2"
 	"net/http"
 	"strings"
 
+	regexp "github.com/wasilibs/go-re2"
+
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detector_typepb"
 )
 
 type Scanner struct {
@@ -51,7 +52,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 		resMatch := strings.TrimSpace(match[1])
 
 		s1 := detectors.Result{
-			DetectorType: detectorspb.DetectorType_Abstract,
+			DetectorType: detector_typepb.DetectorType_Abstract,
 			Raw:          []byte(resMatch),
 		}
 
@@ -92,8 +93,8 @@ func verifyAbstract(ctx context.Context, client *http.Client, resMatch string) (
 	}
 }
 
-func (s Scanner) Type() detectorspb.DetectorType {
-	return detectorspb.DetectorType_Abstract
+func (s Scanner) Type() detector_typepb.DetectorType {
+	return detector_typepb.DetectorType_Abstract
 }
 
 func (s Scanner) Description() string {

@@ -14,7 +14,7 @@ import (
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detector_typepb"
 )
 
 func TestAbstract_FromChunk(t *testing.T) {
@@ -49,7 +49,7 @@ func TestAbstract_FromChunk(t *testing.T) {
 			},
 			want: []detectors.Result{
 				{
-					DetectorType: detectorspb.DetectorType_Abstract,
+					DetectorType: detector_typepb.DetectorType_Abstract,
 					Verified:     true,
 				},
 			},
@@ -65,7 +65,7 @@ func TestAbstract_FromChunk(t *testing.T) {
 			},
 			want: func() []detectors.Result {
 				r := detectors.Result{
-					DetectorType: detectorspb.DetectorType_Abstract,
+					DetectorType: detector_typepb.DetectorType_Abstract,
 					Verified:     false,
 				}
 				r.SetVerificationError(context.DeadlineExceeded)
@@ -83,7 +83,7 @@ func TestAbstract_FromChunk(t *testing.T) {
 			},
 			want: func() []detectors.Result {
 				r := detectors.Result{
-					DetectorType: detectorspb.DetectorType_Abstract,
+					DetectorType: detector_typepb.DetectorType_Abstract,
 					Verified:     false,
 				}
 				r.SetVerificationError(fmt.Errorf("unexpected HTTP response status 500"))
@@ -101,7 +101,7 @@ func TestAbstract_FromChunk(t *testing.T) {
 			},
 			want: []detectors.Result{
 				{
-					DetectorType: detectorspb.DetectorType_Abstract,
+					DetectorType: detector_typepb.DetectorType_Abstract,
 					Verified:     false,
 				},
 			},

@@ -12,7 +12,7 @@ import (
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
-	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detector_typepb"
 )
 
 type Scanner struct {
@@ -54,7 +54,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 		resMatch := strings.TrimSpace(match[1])
 
 		s1 := detectors.Result{
-			DetectorType: detectorspb.DetectorType_AbuseIPDB,
+			DetectorType: detector_typepb.DetectorType_AbuseIPDB,
 			Raw:          []byte(resMatch),
 		}
 
@@ -103,8 +103,8 @@ func verifyAbuseIPDB(ctx context.Context, client *http.Client, resMatch string)
 	}
 }
 
-func (s Scanner) Type() detectorspb.DetectorType {
-	return detectorspb.DetectorType_AbuseIPDB
+func (s Scanner) Type() detector_typepb.DetectorType {
+	return detector_typepb.DetectorType_AbuseIPDB
 }
 
 func (s Scanner) Description() string {