Skip to content

Add Together AI secret detector#4943

Open
asivaprasad09 wants to merge 2 commits intotrufflesecurity:mainfrom
asivaprasad09:add-togetherai-detector
Open

Add Together AI secret detector#4943
asivaprasad09 wants to merge 2 commits intotrufflesecurity:mainfrom
asivaprasad09:add-togetherai-detector

Conversation

@asivaprasad09
Copy link
Copy Markdown

@asivaprasad09 asivaprasad09 commented May 4, 2026
edited by cursor Bot
Loading

Summary

  • Adds a new detector for Together AI API keys (tgp_v1_ format)
  • Verifies keys via read-only GET https://api.together.xyz/v1/models
  • Registers detector in defaults.go and proto as TogetherAI = 1049
  • Populates SecretParts with "key" per detector conventions

Test plan

  • go test ./pkg/detectors/togetherai/... -tags=detectors passes all 4 cases (found+verified, found+unverified, not found, timeout)
  • Verified against a real Together AI key returning HTTP 200
  • Invalid key correctly returns HTTP 401 (unverified, no error)

Note

Low Risk
Low risk: additive new detector plus enum registration; main risk is potential false positives/verification HTTP behavior from the external Together API.

Overview
Adds a new TogetherAI secret detector that finds tgp_v1_... API keys and can verify them via a read-only GET https://api.together.xyz/v1/models call.

Registers the detector in defaults.go and extends detector_type.proto/generated protobufs with TogetherAI = 1049, with tests/benchmarks covering verified, unverified, not-found, and timeout verification cases.

Reviewed by Cursor Bugbot for commit c3fe507. Bugbot is set up for automated code reviews on this repo. Configure here.

Add Together AI secret detector
4298c97 
Adds a detector for Together AI API keys (tgp_v1_ format).
Verifies keys via GET /v1/models endpoint.
@asivaprasad09 asivaprasad09 requested a review from a team May 4, 2026 07:00
@asivaprasad09 asivaprasad09 requested review from a team as code owners May 4, 2026 07:00
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented May 4, 2026
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
0 out of 2 committers have signed the CLA.

❌ Akshara Sivaprasad
❌ cursoragent

Akshara Sivaprasad seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

cursor[bot]
cursor Bot reviewed May 4, 2026
View reviewed changes
Comment thread pkg/detectors/togetherai/togetherai_test.go
Comment thread pkg/detectors/togetherai/togetherai_test.go Outdated
@cursoragent @asivaprasad09
Fix TogetherAI test secret retrieval timeout
c3fe507 
Co-authored-by: asivaprasad09 <asivaprasad@salesforce.com>
cursor[bot]
cursor Bot reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

Fix All in Cursor

Reviewed by Cursor Bugbot for commit c3fe507. Configure here.

Comment thread pkg/detectors/togetherai/togetherai.go
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@asivaprasad09 @CLAassistant @cursoragent