Betterleaks - New Open-Source Tool for Secrets Scanning
In short: Betterleaks scans source trees and Git repositories for leaked credentials such as API keys, tokens and passwords.
Betterleaks is a new open-source tool for scanning directories and Git repositories for exposed credentials. Developed by the creator of Gitleaks, it is positioned as a faster and more accurate successor, aimed at developers and security teams who need to keep secrets out of source control.
What It Does
Betterleaks is an open-source tool that scans directories, files, and Git repositories for exposed credentials. Created by the developer of the widely used Gitleaks, it aims to improve on its predecessor's speed and accuracy. The project is sponsored by Aikido Security and is a highly configurable successor that keeps the same command-line interface (CLI) options as Gitleaks, so existing invocations carry over unchanged.
The tool is written in pure Go, so it builds and runs the same way across platforms. Its headline feature is Token Efficiency Scanning, a technique based on BPE (byte-pair encoding) tokenization. The project reports a 98.6% recall rate for this method, a significant improvement over the entropy-based heuristics used by earlier tools, which flag any high-entropy string and therefore also trip on hashes, UUIDs and minified code. Betterleaks is designed as a drop-in replacement for Gitleaks, so existing configuration files work immediately.
Key Features
Betterleaks introduces several advances over Gitleaks. Rule-Defined Validation is expressed in the Common Expression Language (CEL), which makes it easier for the community to contribute rules for new services. Default Encoding Detection automatically identifies secrets hidden behind one or more layers of encoding, a common blind spot for plain regular-expression rules, which only see the literal text of the file. Parallelized Git Scanning lets it scan repositories much faster than existing alternatives.
The development team behind Betterleaks consists of four security engineers with backgrounds at companies including Red Hat and Amazon, and the team intends a stable, community-driven development roadmap. The project is maintained under the MIT license, which allows broad community involvement and contributions.
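To make the two detection ideas above concrete (entropy scoring as the older baseline, and layered encoding detection as the feature that plain regex rules lack), here is a small added illustration in Go. It is not Betterleaks or Gitleaks code and does not reproduce their algorithms; it uses one hypothetical rule for the documented AWS access key ID format, simplified base64/hex candidate patterns, and a constructed sample line in which the key is wrapped first in base64 and then in hex.

```go
package main

import (
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"math"
	"regexp"
)

// One illustrative rule (assumption for this example): the documented AWS access
// key ID format. A real scanner ships hundreds of rules, many in CEL or regex.
var awsAccessKeyID = regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)

// Finding records a match, how many decode layers hid it, and its entropy.
type Finding struct {
	Rule    string
	Secret  string
	Layers  int
	Entropy float64
}

// shannonEntropy returns the Shannon entropy of s in bits per character.
// An entropy-only detector flags anything above a threshold, which is why it
// also hits hashes and UUIDs; here it is reported alongside the rule match.
func shannonEntropy(s string) float64 {
	if s == "" {
		return 0
	}
	counts := map[rune]int{}
	for _, r := range s {
		counts[r]++
	}
	n := float64(len([]rune(s)))
	var h float64
	for _, c := range counts {
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// looksTextual rejects decode results that are not printable ASCII, so the
// scanner does not chase random binary through further layers.
func looksTextual(b []byte) bool {
	if len(b) == 0 {
		return false
	}
	for _, c := range b {
		if c > 0x7e || (c < 0x20 && c != '\t' && c != '\n' && c != '\r') {
			return false
		}
	}
	return true
}

// Loose candidate patterns for base64 and hex segments. A false candidate
// simply fails to decode or fails looksTextual.
var (
	b64Seg = regexp.MustCompile(`[A-Za-z0-9+/=]{16,}`)
	hexSeg = regexp.MustCompile(`\b[0-9a-fA-F]{32,}\b`)
)

// decodeLayer returns every plausible one-layer decoding of segments in s.
func decodeLayer(s string) []string {
	var out []string
	for _, seg := range b64Seg.FindAllString(s, -1) {
		for _, enc := range []*base64.Encoding{base64.StdEncoding, base64.RawStdEncoding} {
			if b, err := enc.DecodeString(seg); err == nil && looksTextual(b) {
				out = append(out, string(b))
				break
			}
		}
	}
	for _, seg := range hexSeg.FindAllString(s, -1) {
		if b, err := hex.DecodeString(seg); err == nil && looksTextual(b) {
			out = append(out, string(b))
		}
	}
	return out
}

// scan applies the rule to line as-is and then to each decoded layer, at most
// maxDepth layers deep. Without the recursion an encoded secret is invisible.
func scan(line string, maxDepth int) []Finding {
	var findings []Finding
	seen := map[string]bool{}
	var walk func(s string, depth int)
	walk = func(s string, depth int) {
		if seen[s] {
			return
		}
		seen[s] = true
		for _, m := range awsAccessKeyID.FindAllString(s, -1) {
			findings = append(findings, Finding{"aws-access-key-id", m, depth, shannonEntropy(m)})
		}
		if depth >= maxDepth {
			return
		}
		for _, d := range decodeLayer(s) {
			walk(d, depth+1)
		}
	}
	walk(line, 0)
	return findings
}

// Constructed sample input. AKIAIOSFODNN7EXAMPLE is AWS's published example key ID.
const samplePlain = "aws_access_key_id = AKIAIOSFODNN7EXAMPLE"

// sampleEncoded wraps the same line in base64 and then hex, two "obfuscation"
// layers that hide it from a plain regex over the file text.
func sampleEncoded() string {
	b64 := base64.StdEncoding.EncodeToString([]byte(samplePlain))
	return "blob = " + hex.EncodeToString([]byte(b64))
}

func main() {
	for _, line := range []string{samplePlain, sampleEncoded()} {
		for _, f := range scan(line, 3) {
			fmt.Printf("%s: %s (under %d encoding layer(s), entropy %.2f bits/char)\n",
				f.Rule, f.Secret, f.Layers, f.Entropy)
		}
	}
}
```

The depth cap matters in practice: with maxDepth set to 1 the doubly wrapped key is never reached, while an uncapped walk over a large blob would spend its time decoding noise, so the textual check and the cap together bound the cost.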
Future Plans
Looking ahead, the Betterleaks roadmap includes expanding scanning beyond Git repositories and files, and LLM-assisted secret classification built on anonymized data to improve identification of sensitive information.
Also in the works are auto-revocation of exposed credentials via provider APIs and permissions mapping, which would show what access a leaked secret actually grants. These enhancements are intended to make Betterleaks more useful to developers and security teams, including in AI-driven environments. Until such features land, every secret the scanner reports should be treated as compromised and rotated: removing a key from a repository does not recover it from anyone who has already cloned the history.
How to Get Started
Betterleaks is available on GitHub, where users can download the tool and find documentation for setup and usage. The development team encourages community contributions to expand its capabilities, and the project is intended to become a standard part of the toolkit for anyone working on software development and security, helping to keep sensitive information out of code.
With Betterleaks, developers and security teams can automate secrets scanning so that committed code does not carry the leaked credentials that lead to data breaches. The collaborative nature of its development is meant to keep it relevant and effective as the credential landscape changes.
Cyber Security News