
Betterleaks: New Open-Source Tool for Scanning Files, Directories, and Git Repositories

A new open‑source secrets scanning tool called Betterleaks has been introduced by Zach Rice, the original creator of the widely used Gitleaks project.

Sponsored by security firm Aikido, Betterleaks is designed as a modern successor to Gitleaks, offering faster scanning, improved filtering, and expanded capabilities for detecting exposed credentials across codebases, files, and Git repositories.

Secrets such as API keys, access tokens, passwords, and private credentials frequently leak into source code repositories or configuration files.

Attackers actively search for these exposed secrets because they can provide immediate access to cloud services, databases, or internal systems. Tools like Betterleaks aim to automatically detect these leaks before they are exploited.

Rice first began developing secret detection tools eight years ago when he discovered exposed credentials on GitHub.

His original project, Gitleaks, grew into one of the most widely used open‑source secrets scanners, accumulating millions of downloads and becoming a common security tool used by developers, enterprises, and security researchers.

However, Rice no longer has full control over the Gitleaks repository and brand, which led him to launch a new project.

Betterleaks was created to continue advancing secrets detection with modern scanning techniques while maintaining compatibility with existing Gitleaks workflows.

Betterleaks acts as a drop‑in replacement for Gitleaks, meaning organizations can migrate without changing their existing configurations or command‑line options.

Users can run the same commands and configurations while benefiting from improved performance and new detection features.

The first release, Betterleaks v1.0.0, introduces several technical improvements designed to enhance accuracy and scanning speed.

Key features include:

  • Rule‑Defined Validation: Betterleaks uses the Common Expression Language (CEL) to define validation logic, allowing users to create flexible rules for identifying potential secrets.
  • Token Efficiency Scanning: Instead of relying solely on entropy‑based detection, Betterleaks analyzes Byte Pair Encoding (BPE) tokenization efficiency to identify likely secrets. In tests against the CredData dataset, this approach achieved 98.6% recall, compared to 70.4% using traditional entropy methods.
  • Pure Go Implementation: The tool is written entirely in Go without CGO dependencies, enabling easier deployment across different environments while maintaining high performance.
  • Default Encoding Detection: Betterleaks can automatically detect double or triple-encoded secrets, which are commonly used to obscure credentials.
  • Parallel Git Repository Scanning: Git repositories can be scanned significantly faster through parallelized processing.
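The difference between entropy and token-efficiency scoring can be seen in a small added example, which is not Betterleaks code. The vocabulary is a constructed stand-in for a real BPE vocabulary, and both sample strings are constructed. The character entropy of an ordinary identifier and of a hex credential come out close together, while the average token length separates them clearly.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// Constructed stand-in for a BPE vocabulary: subwords common in code identifiers.
// A real tokenizer vocabulary holds tens of thousands of learned merges.
var vocab = []string{"default", "request", "handler", "timeout", "config",
	"server", "client", "user", "name", "path", "http", "get", "set", "id", "_"}

// ShannonEntropy returns the entropy of s in bits per character.
func ShannonEntropy(s string) float64 {
	counts := map[rune]float64{}
	for _, r := range s {
		counts[r]++
	}
	n, h := float64(len([]rune(s))), 0.0
	for _, c := range counts {
		h -= c / n * math.Log2(c/n)
	}
	return h
}

// CharsPerToken tokenizes s by greedy longest match against vocab (unmatched
// bytes cost one token each) and returns the average token length.
func CharsPerToken(s string) float64 {
	tokens := 0
	for i := 0; i < len(s); tokens++ {
		step := 1
		for _, v := range vocab {
			if len(v) > step && strings.HasPrefix(s[i:], v) {
				step = len(v)
			}
		}
		i += step
	}
	if tokens == 0 {
		return 0
	}
	return float64(len(s)) / float64(tokens)
}

func main() {
	// Both sample strings are constructed for this example.
	for _, s := range []string{"default_request_handler_timeout", "9f3a7c1e5b2d8064af19"} {
		fmt.Printf("%-32s entropy=%.2f chars/token=%.2f\n", s, ShannonEntropy(s), CharsPerToken(s))
	}
}
```

A string that tokenizes at close to one character per token has no structure the vocabulary recognizes, which is the signal this kind of scoring relies on.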

Betterleaks can currently scan Git repositories, directories, files, and standard input streams, making it suitable for integration into development pipelines, CI/CD systems, and security automation workflows.

The project is also designed with future automation in mind. Planned Version 2 features include scanning additional data sources, integrating LLM‑assisted classification for ambiguous secrets, automated secret revocation through provider APIs, and permission mapping to determine what exposed credentials can access.

Betterleaks is released under the MIT open‑source license and is backed by multiple maintainers from organizations including Amazon, Red Hat, and the Royal Bank of Canada, helping ensure long‑term project stability and community governance.

As secret exposure remains a persistent security risk in modern software development, tools like Betterleaks aim to provide developers and security teams with faster and more accurate methods for detecting sensitive data before attackers can exploit it.


The post Betterleaks: New Open-Source Tool for Scanning Files, Directories, and Git Repositories appeared first on Cyber Security News.
