Truffle Hog searches for hard-coded access keys by scanning deep inside Git code repositories for strings of 20 or more characters that have high entropy. The tool is available on GitHub and requires the GitPython library to run. Hard-coding access tokens for various services in software projects is considered a security risk because attackers can extract those tokens with little effort. In 2014 a researcher found 10,000 access keys for Amazon Web Services and Elastic Compute Cloud left by developers inside publicly accessible code on GitHub.
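The length-plus-entropy check described above, as an added Python example (not Truffle Hog's own code): it scans the added lines of one constructed diff rather than walking repository history with GitPython. The 4.5 bits-per-character cut-off, the candidate character set, and the function names are assumptions of this example.

```python
import math
import re

# Assumed parameters: the page states only "20 or more characters" and
# "high entropy"; the 4.5 bits/char cut-off is chosen for this example.
MIN_LEN = 20
ENTROPY_THRESHOLD = 4.5
# Runs of characters that commonly make up keys and tokens (assumed set).
CANDIDATE = re.compile(r"[A-Za-z0-9+/=_-]{%d,}" % MIN_LEN)


def shannon_entropy(s: str) -> float:
    """Bits per character of s, computed from its own character frequencies."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_diff(diff_text: str):
    """Return (line_no, token, entropy) for high-entropy tokens on added lines."""
    findings = []
    for line_no, line in enumerate(diff_text.splitlines(), start=1):
        # Only lines a commit added; skip the '+++ b/file' header line.
        if not line.startswith("+") or line.startswith("+++"):
            continue
        for token in CANDIDATE.findall(line[1:]):
            h = shannon_entropy(token)
            if h > ENTROPY_THRESHOLD:
                findings.append((line_no, token, round(h, 2)))
    return findings


# Constructed sample diff; the token is a made-up placeholder, not a real key.
SAMPLE_DIFF = """\
--- a/config.py
+++ b/config.py
@@ -1,2 +1,4 @@
 import os
+API_TOKEN = "Zx9qLm2Rt7VbK4pWd8YhN3cJf6Ga1Us5Eo0Q"
+GREETING = "hellohellohellohellohello"
+path = "src/components/navigation/header"
"""

if __name__ == "__main__":
    for line_no, token, h in scan_diff(SAMPLE_DIFF):
        print(f"line {line_no}: entropy={h} token={token}")
```

The repeated word and the file path are both long enough to be candidates but fall below the cut-off, which is why length alone is not used as the signal.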

