%define		debug %nil
%define		debug_package %nil
%define     secscan 0

Name:		trufflehog
Version:	3.84.0
Release:	1
Summary:	Find credentials
URL:		https://trufflesecurity.com
Source0:	https://github.com/trufflesecurity/trufflehog/archive/v%{version}/%{name}-%{version}.tar.gz
License:	AGPLv3
Group:		Development/Other
BuildRequires:	go >= 1.21
BuildRequires:	git-core
BuildRequires:	upx
BuildRequires:  cmake
BuildRequires:  pkgconfig(openssl3.3)

%if %{secscan}
BuildRequires:  clamav
BuildRequires:  trivy
%endif

%description
TruffleHog v3 is a complete rewrite in Go with many new
powerful features.

We've added over 700 credential detectors that support 
active verification against their respective APIs.
We've also added native support for scanning GitHub, GitLab,
filesystems, and S3.
Instantly verify private keys against millions of github users
and billions of TLS certificates using our Driftwood technology.


%prep
%setup -q

%if %{secscan}
clamscan -ir .
trivy fs --scanners vuln --format cosign-vuln .
%endif

%build
export GOPROXY=https://proxy.golang.org/cached-only

CGO_ENABLED=0 go build --ldflags="-s -w" -a -o bin/trufflehog main.go
upx bin/%{name}

%install
install -Dm0755 bin/%{name} %{buildroot}%{_bindir}/%{name}

%files
%doc README.md LICENSE
%{_bindir}/%{name}

%check

%if %{secscan}
clamscan -ir %{buildroot}
%endif