Betterleaks is a new open-source secret scanner that inspects directories, files, and Git repositories with default or customizable rules to detect valid secrets before attackers can find them. Developed by Zach Rice (the author of Gitleaks) with support from Aikido and maintained under an MIT license, Betterleaks adds CEL rule validation, BPE-based token-efficiency scanning with 98.6% recall, a pure Go implementation, automatic decoding of encoded secrets, and parallelized Git scanning, with plans for LLM-assisted analysis and automated revocation.
Keypoints
- Betterleaks scans directories, files, and Git repositories using default or custom rules to locate exposed credentials and tokens.
- It is the successor to Gitleaks, developed by Zach Rice with support from Aikido and maintained under the MIT license.
- Key features include CEL-based rule validation, BPE token-efficiency scanning (98.6% recall on CredData), a pure Go build, and parallelized Git scanning.
- Betterleaks automatically handles doubly/triply encoded secrets and expands detection rules for more providers.
- Planned enhancements include LLM-assisted classification, support for non-Git data sources, automatic secret revocation, and permissions mapping.
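As an added illustration of the nested-decoding idea in the keypoints above (this is example code written for this page, not Betterleaks's own implementation): a small Go scanner applies a regex rule to the input, then peels standard base64 layers and re-applies the rule up to three layers deep, so a doubly or triply encoded secret is still reported. The rule, the `exampletoken_` format and the sample input are constructed for the demonstration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
	"unicode/utf8"
)

// Rule is a constructed detection rule: an identifier plus the secret's regex.
type Rule struct {
	ID string
	Re *regexp.Regexp
}

// Finding records a matched secret and how many encoding layers were peeled off first.
type Finding struct {
	RuleID, Secret string
	Layers         int // 0 means the secret was found in plaintext
}
// SampleRules holds one made-up token format used only for this demonstration.
var SampleRules = []Rule{{ID: "example-token", Re: regexp.MustCompile(`exampletoken_[A-Za-z0-9]{20}`)}}
// base64Blob matches runs that look like standard-alphabet base64 (padding optional).
var base64Blob = regexp.MustCompile(`[A-Za-z0-9+/]{16,}={0,2}`)

// Scan applies the rules to input, then to each base64-looking substring after decoding it,
// recursing up to maxDepth layers so doubly and triply encoded secrets still match.
func Scan(input string, rules []Rule, depth, maxDepth int) []Finding {
	var out []Finding
	for _, r := range rules {
		for _, m := range r.Re.FindAllString(input, -1) {
			out = append(out, Finding{RuleID: r.ID, Secret: m, Layers: depth})
		}
	}
	if depth >= maxDepth {
		return out
	}
	for _, blob := range base64Blob.FindAllString(input, -1) {
		decoded, err := base64.StdEncoding.DecodeString(blob)
		if err != nil || !utf8.Valid(decoded) {
			continue // not a decodable text layer; leave it alone
		}
		out = append(out, Scan(string(decoded), rules, depth+1, maxDepth)...)
	}
	return out
}

func main() { // constructed sample: a secret wrapped in two base64 layers
	s := "exampletoken_A1b2C3d4E5f6G7h8I9j0"
	enc := base64.StdEncoding.EncodeToString([]byte(base64.StdEncoding.EncodeToString([]byte(s))))
	fmt.Printf("%+v\n", Scan("token="+enc, SampleRules, 0, 3))
}
```

A real scanner would also try hex, URL and other encodings and deduplicate findings across layers; this block keeps only the base64 case to show the recursion.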