
A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or custom rules.
Secret scanners are specialized utilities that scour repositories for sensitive data, such as credentials, API keys, private keys, and tokens, that developers unintentionally committed to source code.
Since threat actors routinely scan configuration files in public repositories for sensitive details, such a utility can help identify secrets and protect them before attackers find them.
The new Betterleaks project is intended as a more advanced successor to Gitleaks and is maintained by the same team, with support from Aikido, a Belgian company that provides a platform for securing the development lifecycle.

Source: GitHub
Betterleaks is developed by Zach Rice, Head of Secrets Scanning at Aikido Security, who also authored the popular Gitleaks, which has 26 million downloads on GitHub and more than 35 million pulls on Docker and GitHub Container Registry (GHCR).
“Betterleaks is the successor to Gitleaks. We’re dropping the “git” and slapping “better” on it because that’s what it is, better,” Rice says.
Betterleaks was created after Rice lost full control over Gitleaks, which he started developing eight years ago. The list of features in the new tool includes:
- Rule-defined validation using CEL (Common Expression Language)
- Token Efficiency Scanning based on BPE tokenization rather than entropy, achieving 98.6% recall vs 70.4% with entropy on the CredData dataset
- Pure Go implementation (no CGO or Hyperscan dependency)
- Automatic handling of doubly/triply encoded secrets
- Expanded rule set for more providers
- Parallelized Git scanning for faster repository analysis
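To make three of the listed ideas concrete, here is a small added example of a secret scanner, written for this page and not taken from Betterleaks or Gitleaks. It shows regex rules with a per-rule validation predicate (a Python lambda standing in for what a CEL expression would express), a Shannon-entropy filter of the kind the BPE-based approach is meant to improve on, and recursive decoding of base64/hex substrings so that doubly encoded secrets are still matched. The rule ids, thresholds, the `AKIAQ3ZX7LMNOPQRST2U` key and all sample config lines are constructed for the illustration; the one documented placeholder is the AWS documentation example key, which the validation predicate rejects.

```python
"""Illustrative secret scanner (added example, not Betterleaks code)."""
import base64
import binascii
import math
import re
from dataclasses import dataclass
from typing import Callable, Iterator, List, Optional


@dataclass
class Rule:
    id: str
    pattern: re.Pattern          # group(1) must capture the secret
    min_entropy: float = 0.0     # Shannon-entropy gate on the captured value
    # Extra check on the captured secret. A CEL expression fills this role
    # in rule-defined validation; a Python predicate stands in for it here.
    validate: Optional[Callable[[str], bool]] = None


@dataclass
class Finding:
    rule_id: str
    secret: str
    line_no: int
    depth: int   # number of encoding layers peeled before the match


def shannon_entropy(s: str) -> float:
    """Bits per character; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


# Constructed rules: AWS access key ids with a predicate that drops the
# documented "...EXAMPLE" placeholder, and a generic keyword rule gated
# on entropy so that obvious dummy values are not reported.
RULES = [
    Rule("aws-access-key-id",
         re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b"),
         validate=lambda s: not s.endswith("EXAMPLE")),
    Rule("generic-api-key",
         re.compile(r"(?i)(?:api[_-]?key|secret|token)\s*[=:]\s*['\"]?([A-Za-z0-9_\-]{24,})"),
         min_entropy=3.5),
]

B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
HEX_RE = re.compile(r"\b[0-9a-fA-F]{32,}\b")


def decode_layers(text: str) -> Iterator[str]:
    """Yield plausible base64 and hex decodings of substrings in text."""
    for m in B64_RE.finditer(text):
        cand = m.group(0)
        try:
            padded = cand + "=" * (-len(cand) % 4)
            yield base64.b64decode(padded, validate=True).decode("utf-8", "ignore")
        except (binascii.Error, ValueError):
            continue
    for m in HEX_RE.finditer(text):
        try:
            yield bytes.fromhex(m.group(0)).decode("utf-8", "ignore")
        except ValueError:
            continue


def scan_text(text: str, line_no: int, depth: int = 0, max_depth: int = 3) -> List[Finding]:
    """Apply every rule to text, then recurse into decoded layers."""
    found = []
    for rule in RULES:
        for m in rule.pattern.finditer(text):
            secret = m.group(1)
            if shannon_entropy(secret) < rule.min_entropy:
                continue
            if rule.validate is not None and not rule.validate(secret):
                continue
            found.append(Finding(rule.id, secret, line_no, depth))
    if depth < max_depth:
        for decoded in decode_layers(text):
            if decoded:
                found.extend(scan_text(decoded, line_no, depth + 1, max_depth))
    return found


def scan_lines(text: str) -> List[Finding]:
    return [f for n, line in enumerate(text.splitlines(), 1) for f in scan_text(line, n)]


# Constructed sample config; none of these values are real credentials.
_KEY = "AKIAQ3ZX7LMNOPQRST2U"
_B64 = base64.b64encode(_KEY.encode()).decode()
SAMPLE = "\n".join([
    "# constructed sample config",
    "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",      # AWS docs placeholder
    'api_key = "test_test_test_test_test_test"',          # low entropy
    "token: 9f8Gz2Qx7LkPw3Vm1NbR5TyH0Jc4Ds6E",            # high entropy
    'blob_b64 = "%s"' % base64.b64encode(_B64.encode()).decode(),  # b64(b64(key))
    'blob_hex = "%s"' % _B64.encode().hex(),              # hex(b64(key))
])

if __name__ == "__main__":
    for f in scan_lines(SAMPLE):
        print(f"line {f.line_no} depth {f.depth} {f.rule_id}: {f.secret}")
```

Running it reports the high-entropy token on line 4 at depth 0 and the constructed AWS key on lines 5 and 6 at depth 2, while the placeholder key fails validation and the dummy `api_key` value is filtered by entropy. The same entropy gate is also the weak point the feature list alludes to: a rule that relies on it will miss real but low-entropy secrets, which is why a tokenization-based signal is attractive.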
The developer has also published additional features planned for the next version of Betterleaks, such as support for more data sources beyond Git repositories and files, LLM-assisted analysis for better secret classification, more detection filters, automatic secret revocation via provider APIs, permissions mapping, and performance optimizations.
Regarding the project’s governance, Rice explains that it uses the open-source MIT license and is maintained by three additional people beyond himself, including contributors from the Royal Bank of Canada, Red Hat, and Amazon.
Rice underlined that Betterleaks’ design philosophy combines human-centric use with accommodation for AI agent workflows, including CLI features optimized for automated tools that scan AI-generated code.

