0

/ 100

GradeA

A top-tier open source project. Docs, tests, and CI are all in excellent shape.

Find, verify, and analyze leaked credentials

Outstanding. A score of 97/100 puts this repo in a very small tier of truly well-engineered projects.

Documentation

93

Contributing guide5pt71

Contributing guide is too short for full depth credit (−6 pts). 400+ words earns the full +12 pts.

Add setup instructions, code style notes, and how to run tests.

Install and run instructions9pt90

README documents how to install the project.

README12pt100

README is present.

License6pt100

Licensed under AGPL-3.0.

Engineering

98

Reproducibility6pt85

Lockfile present (go.sum). Installs are reproducible.

Tests18pt100

Test files detected (hack/checksecretparts/check_test.go).

CI/CD14pt100

CI is configured (.github/workflows/lint.yml).

Linting and formatting5pt100

Formatting enforced (gofmt (built into Go toolchain)).

Issue and PR templates6pt100

Issue or PR templates present.

Project health

100

Dependency manifest6pt100

Dependency manifest found (go.mod).

Repository metadata5pt100

Repository has a description.

Activity5pt100

Actively maintained (pushed within the last month).

Housekeeping3pt100

.gitignore present.

Repository health signals

Activity, community, and responsiveness at scan time

Activity

  • 32 / 91
    Commits (30d / 90d)
  • 2,491
    Forks
  • 336
    Releaseslatest 4y ago

Community

  • 100% - Good
    Community health
  • 6 bus factor
    authors own >50% of commits
  • 26,930
    Watchers

Responsiveness

  • 9d 4h
    Median issue response
  • 20h
    Median PR merge time
  • 500
    Open issues
Repository files33 root entries
  • .captain
  • .claude
  • .codex
  • .cursor
  • .github
    Good: CI is configured (.github/workflows/lint.yml).
    Good: Issue or PR templates present.
  • assets
  • docs
  • examples
  • hack
    Good: Test files detected (hack/checksecretparts/check_test.go).
  • pkg
  • proto
  • scripts
  • .gitattributes
  • .gitignore
    Good: .gitignore present.
  • .goreleaser.yml
  • .pre-commit-config.yaml
  • .pre-commit-hooks.yaml
  • action.yml
  • CODE_OF_CONDUCT.md
    Good: Code of conduct present.
  • CODEOWNERS
  • CONTRIBUTING.md
    Issue: Contributing guide is too short for full depth credit (−6 pts). 400+ words earns the full +12 pts.Fix: Add setup instructions, code style notes, and how to run tests.
    Issue: Contributing guide lacks a setup section (−12 pts).Fix: Show new contributors how to get a local dev environment running.
    Issue: Contributing guide lacks a code style section (−8 pts).Fix: Describe your linting/formatting rules and how to run them.
    Issue: Contributing guide lacks a testing section (−8 pts).Fix: Show contributors how to run the test suite (e.g. npm test, pytest, cargo test).
    Good: Contributing guide describes the PR/review workflow.
    Good: Contributing guide includes code examples.
  • Dockerfile
    Good: Environment pinned via Dockerfile.
  • Dockerfile.goreleaser
  • entrypoint.sh
  • go.mod
    Good: Dependency manifest found (go.mod).
  • go.sum
    Good: Lockfile present (go.sum). Installs are reproducible.
  • LICENSE
    Good: Licensed under AGPL-3.0.
  • main.go
  • Makefile
  • manpage.go
  • PreCommit.md
  • README.md
    Good: README is present.
    Good: README is well structured with multiple sections.
    Good: README includes screenshots or visuals. Great for first impressions.
    Good: README has code examples.
    Good: README links to a live demo or deployed app.
    Good: README includes status badges.
    Good: README documents how to install the project.
    Good: README documents how to run the project.
  • SECURITY.md
    Good: Security policy present.
RepoGrade badge preview

Add this badge to your README

It updates automatically each time the repo is re-graded.

[![RepoGrade](https://www.repo-grade.com/api/badge/trufflesecurity/trufflehog)](https://www.repo-grade.com/report/trufflesecurity/trufflehog)

More graded Go repos