3.90.10: git worktree fails with "failed to read index file: .../.git/index: not a directory"Β #4553
Description
TruffleHog Version
Reproducible with v3.90.13, but the issue was introduced with v3.90.10.
Trace Output
Obscured the repo path with XXX:
2025-11-14T09:44:14-05:00 info-2 trufflehog trufflehog dev
π·ππ· TruffleHog. Unearth your secrets. π·ππ·
2025-11-14T09:44:14-05:00 info-4 trufflehog default engine options set
2025-11-14T09:44:14-05:00 info-4 trufflehog engine initialized
2025-11-14T09:44:14-05:00 info-4 trufflehog setting up aho-corasick core
2025-11-14T09:44:14-05:00 info-4 trufflehog set up aho-corasick core
2025-11-14T09:44:14-05:00 info-2 trufflehog starting scanner workers {"count": 1}
2025-11-14T09:44:14-05:00 info-2 trufflehog starting detector workers {"count": 8}
2025-11-14T09:44:14-05:00 info-2 trufflehog starting verificationOverlap workers {"count": 1}
2025-11-14T09:44:14-05:00 info-2 trufflehog starting notifier workers {"count": 1}
2025-11-14T09:44:14-05:00 info-4 trufflehog Deleted orphaned temp artifact {"artifact": "/var/folders/q2/7kv58bm56cn0yjjk9p818wxm0000gn/T/trufflehog-53386-2167913541"}
2025-11-14T09:44:18-05:00 info-3 trufflehog git subcommand finished {"subcommand": "git clone", "repo": "file:///XXX", "path": "/var/folders/q2/7kv58bm56cn0yjjk9p818wxm0000gn/T/trufflehog-71111-2100839984", "args": [], "output": ""}
2025-11-14T09:44:18-05:00 info-1 trufflehog successfully cloned repo {"subcommand": "git clone", "repo": "file:///XXX", "path": "/var/folders/q2/7kv58bm56cn0yjjk9p818wxm0000gn/T/trufflehog-71111-2100839984", "args": []}
2025-11-14T09:44:18-05:00 error trufflehog error running scan {"error": "failed to scan Git: error preparing repo: failed to read index file: open /XXX/.git/index: not a directory"}
Expected Behavior
The Trufflehog run should have succeeded without error.
Actual Behavior
The Trufflehog run failed to scan Git. I was running it via its pre-commit hook in a Git worktree, which does not have its own .git directory but a text file in its place that contains a text reference back to the originating repo.
Steps to Reproduce
Presumably just create a Git worktree for any existing Git repo and run Trufflehog in it. We were using this pre-commit hook:
- repo: https://github.com/trufflesecurity/trufflehog
rev: v3.90.13
hooks:
- id: trufflehog
name: trufflehog
description: detect secrets between HEAD and local changes
entry: trufflehog git file://. --since-commit HEAD --only-verified --fail
verbose: true
stages: ["pre-commit", "pre-push"]