
A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or custom rules.
Secret scanners are specialized utilities that scour repositories for sensitive information, such as credentials, API keys, private keys, and tokens, that developers accidentally committed in source code.
Since threat actors often scan configuration files in public repositories for sensitive details, this type of utility can help identify secrets and protect them before attackers can find them.
The new Betterleaks project is intended as a more advanced successor to Gitleaks and is maintained by the same team, with support from Aikido, a Belgian company that provides a platform for securing the development cycle.

Betterleaks is developed by Zach Rice, Head of Secrets Scanning at Aikido Security, who also authored the popular Gitleaks with 26 million downloads on GitHub and more than 35 million pulls on Docker and GitHub Container Registry (GHCR).
“Betterleaks is the successor to Gitleaks. We’re dropping the ‘git’ and slapping ‘better’ on it because that’s what it is, better,” Rice says.
Betterleaks was created after Rice lost full control over Gitleaks, which he started developing eight years ago. The list of features in the new tool includes:
- Rule-defined validation using CEL (Common Expression Language)
- Token Efficiency Scanning based on BPE tokenization rather than entropy, achieving 98.6% recall vs 70.4% with entropy on the CredData dataset
- Pure Go implementation (no CGO or Hyperscan dependency)
- Automatic handling of doubly/triply encoded secrets
- Expanded rule set for more providers
- Parallelized Git scanning for faster repository analysis
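To illustrate why the "doubly/triply encoded secrets" feature matters, here is an added Go example (not Betterleaks code) that peels base64 layers and re-applies a detection rule at each depth; the `sk_demo_` token shape is a constructed, hypothetical rule and `EncodeLayers` only builds the sample input.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
	"unicode/utf8"
)

// Finding records a matched secret and how many encoding layers hid it.
type Finding struct {
	Match string
	Depth int
}

// secretRe is a constructed token shape for this demo, not a real provider rule.
var secretRe = regexp.MustCompile(`sk_demo_[A-Za-z0-9]{24}`)

// base64Re picks out candidate base64 runs long enough to hide a token.
var base64Re = regexp.MustCompile(`[A-Za-z0-9+/]{20,}={0,2}`)

// scanLayers applies the rule to the input, then to every base64 run it can
// decode, recursing until maxDepth layers have been peeled.
func scanLayers(input string, depth, maxDepth int) []Finding {
	var out []Finding
	for _, m := range secretRe.FindAllString(input, -1) {
		out = append(out, Finding{Match: m, Depth: depth})
	}
	if depth >= maxDepth {
		return out
	}
	for _, cand := range base64Re.FindAllString(input, -1) {
		decoded, err := base64.StdEncoding.DecodeString(cand)
		if err != nil || !utf8.Valid(decoded) {
			continue // not a decodable text layer; skip it
		}
		out = append(out, scanLayers(string(decoded), depth+1, maxDepth)...)
	}
	return out
}

// ScanLayers scans input with up to maxDepth base64 layers removed (0 = plain scan).
func ScanLayers(input string, maxDepth int) []Finding { return scanLayers(input, 0, maxDepth) }

// EncodeLayers base64-encodes s n times to build a constructed sample input.
func EncodeLayers(s string, n int) string {
	for i := 0; i < n; i++ {
		s = base64.StdEncoding.EncodeToString([]byte(s))
	}
	return s
}

func main() {
	line := `API_TOKEN="` + EncodeLayers("sk_demo_ABCDEFGHIJKLMNOPQRSTUVWX", 2) + `"`
	fmt.Println("plain scan:", len(ScanLayers(line, 0)), "layered scan:", ScanLayers(line, 3))
}
```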
The developer has also published additional features planned for the next version of Betterleaks, such as support for additional data sources beyond Git repositories and files, LLM-assisted analysis for better secret classification, more detection filters, automated secret revocation via provider APIs, permissions mapping, and performance optimizations.
Regarding the project’s governance, Rice explains that it uses the open-source MIT license and is maintained by three additional people besides himself, including contributors from the Royal Bank of Canada, Red Hat, and Amazon.
Rice underlined that Betterleaks’ design philosophy combines human-centric use with accommodation for AI agent workflows, including CLI features optimized for automated tools that scan AI-generated code.
