
Betterleaks - New Open-Source Tool Enhances Secret Scanning

SC Media

Basically, Betterleaks helps developers find and protect sensitive information in their code.

Quick Summary

A new open-source tool, Betterleaks, has been launched to enhance secret scanning for developers. It helps identify sensitive information like API keys and credentials. This tool is crucial for maintaining security in software development.

What It Does

Betterleaks is an open-source tool for secret scanning. It scans directories, files, and Git repositories for sensitive information that developers might accidentally expose, including credentials, API keys, and other secrets that must stay private in software development.

Developed as an advanced successor to the widely used Gitleaks tool, Betterleaks offers improved functionality and efficiency. It employs Common Expression Language (CEL) for rule-defined validation, which allows it to perform more accurate scans. With a remarkable recall rate of 98.6% on the CredData dataset, Betterleaks significantly outperforms traditional entropy-based methods.

Key Features

The tool is implemented in pure Go, which means it has no dependencies on CGO or Hyperscan, making it lightweight and easy to deploy. Betterleaks automatically handles encoded secrets, ensuring that even hidden credentials are detected. It also boasts an expanded rule set that covers more providers, enhancing its versatility for developers working across different platforms.
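The decode-then-rescan idea behind detecting encoded secrets, as an added Go illustration; it is not Betterleaks code or its rule format. The `demo_tok_` token format, the `scan` and `sample` helpers and the depth limit are assumptions made for this example, and the input is constructed.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
	"strings"
)

// Constructed rule for a made-up token format (assumption, not a Betterleaks rule).
var tokenRule = regexp.MustCompile(`demo_tok_[A-Za-z0-9]{24}`)
// Runs of base64 alphabet long enough to carry an encoded token.
var b64Run = regexp.MustCompile(`[A-Za-z0-9+/]{24,}={0,2}`)

// scan returns distinct rule matches in text, also looking inside base64 runs up to maxDepth layers deep.
func scan(text string, maxDepth int) []string {
	var found []string
	seen := map[string]bool{}
	var walk func(s string, depth int)
	walk = func(s string, depth int) {
		for _, m := range tokenRule.FindAllString(s, -1) {
			if !seen[m] {
				seen[m] = true
				found = append(found, m)
			}
		}
		if depth >= maxDepth {
			return // bounded: nested encodings cannot trigger unbounded decoding
		}
		for _, run := range b64Run.FindAllString(s, -1) {
			if dec, err := base64.StdEncoding.DecodeString(run); err == nil {
				walk(string(dec), depth+1)
			}
		}
	}
	walk(text, 0)
	return found
}

// sample builds constructed input: one plain, one encoded and one double-encoded token.
func sample() string {
	enc := func(s string) string { return base64.StdEncoding.EncodeToString([]byte(s)) }
	tok := func(c string) string { return "demo_tok_" + strings.Repeat(c, 24) }
	return "api_token = " + tok("A") + "\nauth: " + enc(tok("B")) + "\nblob: " + enc(enc(tok("C"))) + "\n"
}

func main() {
	fmt.Println(scan(sample(), 0), scan(sample(), 2))
}
```

With `maxDepth` 0 only the plain token is reported; each extra decoding layer surfaces one more of the constructed tokens.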

One of the standout features of Betterleaks is its ability to perform parallelized Git scanning. This allows for faster analysis, which is essential in today's fast-paced development environments. Future updates are expected to introduce support for additional data sources, LLM-assisted analysis, and even automatic secret revocation, making it a comprehensive tool for developers.

Who It's For

Betterleaks is particularly beneficial for developers and DevSecOps teams looking to enhance their security posture. By integrating this tool into their workflow, teams can proactively identify and mitigate risks associated with exposed secrets. This is crucial in preventing unauthorized access and potential data breaches.

In a world where cyber threats are increasingly sophisticated, tools like Betterleaks empower developers to take control of their code's security. The open-source nature of the tool also encourages collaboration and continuous improvement within the community, ensuring that it evolves with the changing landscape of cybersecurity.

How to Get Started

To get started with Betterleaks, developers can access the tool through its official repository. Installation is straightforward, and the documentation provides clear guidance on how to configure and utilize its features effectively. As the tool continues to develop, users can look forward to new functionalities that will further enhance their ability to safeguard sensitive information.

In summary, Betterleaks represents a significant advancement in secret scanning technology, offering developers a powerful solution to protect their code from inadvertent exposure of sensitive information.

🔒 Pro insight: Betterleaks' high recall rate positions it as a vital tool for preventing credential leaks in modern DevSecOps practices.

Original article from SC Media
