trufflesecurity · mustansir14 · Jan 19, 2026 · Jan 20, 2026 · Jan 22, 2026 · Jan 23, 2026
@@ -449,13 +449,11 @@ func (s *Source) Enumerate(ctx context.Context, reporter sources.UnitReporter) e
 		for _, repo := range s.filteredRepoCache.Values() {
 			// Extract the repository name from the URL for filtering
 			repoName := repo
-			if strings.Contains(repo, "/") {
-				// Try to extract org/repo name from URL
-				if strings.Contains(repo, "github.com") {
-					parts := strings.Split(repo, "/")
-					if len(parts) >= 2 {
-						repoName = parts[len(parts)-2] + "/" + strings.TrimSuffix(parts[len(parts)-1], ".git")
-					}
+			// Try to extract org/repo name from URL
+			if u, err := url.Parse(repo); err == nil {
+				parts := strings.Split(u.Path, "/")
+				if len(parts) >= 2 {
+					repoName = parts[len(parts)-2] + "/" + strings.TrimSuffix(parts[len(parts)-1], ".git")
 				}
 			}
 

@@ -459,6 +459,38 @@ func TestNormalizeRepo(t *testing.T) {
 	assert.Contains(t, err.Error(), "no repositories found")
 }
 
+func TestNormalizeRepo_Enterprise(t *testing.T) {
+	tests := []struct {
+		name       string
+		endpoint   string
+		wantResult string
+	}{
+		{
+			name:       "only host",
+			endpoint:   "https://example.com",
+			wantResult: "https://example.com/org/repo.git",
+		},
+		{
+			name:       "host with path",
+			endpoint:   "https://example.com/api/v3",
+			wantResult: "https://example.com/org/repo.git",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			source := Source{
+				conn: &sourcespb.GitHub{
+					Endpoint: tt.endpoint,
+				},
+			}
+
+			result, err := source.normalizeRepo("org/repo")
+			assert.NoError(t, err)
+			assert.Equal(t, tt.wantResult, result)
+		})
+	}
+}
+
 func TestHandleRateLimit(t *testing.T) {
 	s := initTestSource(&sourcespb.GitHub{Credential: &sourcespb.GitHub_Unauthenticated{}})
 	ctx := context.Background()

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
 	"regexp"
 	"strings"
 	"sync"
@@ -365,6 +366,16 @@ func (s *Source) normalizeRepo(repo string) (string, error) {
 	// If it's a repository name (contains / but not http), convert to full URL first
 	if strings.Contains(repo, "/") && !regexp.MustCompile(`^[a-z]+://`).MatchString(repo) {
 		fullURL := "https://github.com/" + repo
+		// If using GitHub Enterprise, adjust the URL accordingly
+		if s.conn != nil && s.conn.Endpoint != "" {
+			u, err := url.Parse(s.conn.Endpoint)
+			if err != nil {
+				return "", fmt.Errorf("invalid enterprise endpoint: %w", err)
+			}
+			// we want to remove any path components from the endpoint and just use the host
+			u.Path = "/" + repo
+			fullURL = u.String()
+		}
 		return giturl.NormalizeGithubRepo(fullURL)
 	}