This PR adds comprehensive documentation for TruffleHog security scanning based on the implementation in the cloud repo.

What's Added

• New documentation page: docs/sandboxes/security-scanning.mdx
• Updated navigation: Added the new page to docs.json

Documentation Coverage

The new documentation explains:

Core Functionality

• How TruffleHog integrates with Codegen's workflow
• Pre-push hooks that scan modified files
• Security scanning during signed commits

Configuration

• .trufflehogignore file usage and patterns
• Scan configuration options
• Example ignore patterns for common false positives

Troubleshooting

• How to handle scan failures
• Resolving false positives vs real secrets
• When and how to bypass scans (with strong warnings)

Best Practices

• Secret management recommendations
• Repository security guidelines
• Team training considerations

Technical Details

• Installation and command-line usage
• Integration points in the codebase
• Specific scan parameters used

Implementation Details from Cloud Repo

Based on analysis of the cloud repository, this documentation covers:

• Pre-push hook implementation (scripts/pre-push.sh)
• Signed commit tool integration (create_signed_commit)
• Sandbox installation via Dockerfile
• Real-world .trufflehogignore examples

The documentation provides users with everything they need to understand and work with TruffleHog security scanning in their Codegen workflows.

💻 View my work • 👤 Initiated by @kopekC • 💬 Initiated in #agi-test • About Codegen
⛔ Remove Codegen from PR • 🚫 Ban action checks