GBHackers

Betterleaks Launches as Open-Source Tool for Scanning Files, Directories, and Git Repositories


Zach Rice, the original creator of the widely used secret scanning tool Gitleaks, has officially launched its successor, Betterleaks.

Sponsored by Aikido Security, this new open-source project aims to be a faster, smarter, and highly configurable replacement for finding hardcoded secrets in codebases.

After losing full administrative control over the original Gitleaks repository, Rice joined Aikido as the Head of Secrets Scanning to build a tool that improves upon every aspect of his previous work.

Betterleaks is designed as a drop-in replacement for its predecessor, meaning existing command-line interface options and configurations will work straight out of the box.

However, beneath the surface, the engine has been entirely overhauled to deliver superior performance and accuracy.

The project is open-sourced under the MIT license and brings together a team of experienced co-maintainers from organizations like Red Hat, Amazon, and the Royal Bank of Canada to ensure long-term stability and robust community governance.

Key Features of Betterleaks

  • Rule-defined validation uses the Common Expression Language (CEL) to create highly customizable and accurate filtering logic.
  • Token-efficiency scanning replaces traditional entropy methods with BPE tokenization, boosting detection recall rates to 98.6% compared to the old 70.4%.
  • The tool is written in pure Go without relying on CGO or Hyperscan, making it incredibly easy to deploy quickly in any environment.
  • Default encoding detection automatically identifies and handles doubly and triply encoded secrets that might otherwise slip through basic scans.
  • Parallelized git scanning allows the tool to process extensive repository histories faster than competing solutions.
  • Community-driven rule expansion ensures the scanner stays updated with the latest service providers and authentication tokens.
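Two of the points above, the weakness of plain entropy heuristics and the need to peel back layered encodings, are easier to see with a small worked example. The following Python script is an added illustration written for this article; it is not Betterleaks code and says nothing about how Betterleaks implements tokenization or decoding. The provider rule (`EXKEY` followed by 16 uppercase alphanumerics), the sample config text and the base64 nesting are all constructed for the demonstration.

```python
import base64
import binascii
import math
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed rule for illustration only: a fictional provider key format.
RULES: Dict[str, re.Pattern] = {
    "example-provider-key": re.compile(r"EXKEY[A-Z0-9]{16}"),
}

# Long "word-like" runs that an entropy heuristic would score.
WORD_RE = re.compile(r"[A-Za-z0-9+/=_\-]{16,}")
# Runs that look like base64 and are worth a decoding attempt.
B64_RE = re.compile(r"[A-Za-z0-9+/]{20,}={0,2}")


def shannon_entropy(s: str) -> float:
    """Bits per character; the classic heuristic older scanners relied on."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def entropy_candidates(text: str, threshold: float = 4.0) -> List[str]:
    """Legacy-style detection: flag any long token above the entropy threshold."""
    return [w for w in WORD_RE.findall(text) if shannon_entropy(w) >= threshold]


def _try_b64(chunk: str) -> Optional[str]:
    """Decode one candidate run; keep it only if it yields printable ASCII."""
    try:
        raw = base64.b64decode(chunk, validate=True)
        out = raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return out if out.isprintable() else None


def decode_layers(text: str, max_depth: int = 3) -> List[Tuple[int, str]]:
    """Return (depth, text) for the input plus every printable base64 layer
    found inside it, recursing until max_depth so doubly and triply
    encoded values are exposed to the rules."""
    layers = [(0, text)]
    frontier = [text]
    for depth in range(1, max_depth + 1):
        next_frontier = []
        for t in frontier:
            for run in B64_RE.findall(t):
                decoded = _try_b64(run)
                if decoded:
                    layers.append((depth, decoded))
                    next_frontier.append(decoded)
        frontier = next_frontier
    return layers


def scan(text: str, max_depth: int = 3) -> List[dict]:
    """Rule-based detection applied to the raw text and each decoded layer."""
    findings = []
    for depth, layer in decode_layers(text, max_depth):
        for name, rule in RULES.items():
            for m in rule.finditer(layer):
                findings.append({"rule": name, "secret": m.group(0), "depth": depth})
    return findings


def demo() -> dict:
    """Constructed sample: one low-entropy key in plain text, one key hidden
    under two layers of base64. Returns what each approach reports."""
    secret = "EXKEYA1B2C3D4E5F6G7H8"             # constructed, matches RULES
    low_entropy_secret = "EXKEYAAAAAAAAAAAAAAAA"  # constructed, matches RULES
    once = base64.b64encode(secret.encode()).decode()
    twice = base64.b64encode(once.encode()).decode()
    sample = (
        "db_host = db.internal.example\n"
        f"api_key = {low_entropy_secret}\n"
        f"blob = {twice}\n"
    )
    return {"entropy_hits": entropy_candidates(sample), "rule_hits": scan(sample)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Running it shows the two failure modes side by side: the entropy heuristic flags only the opaque base64 blob (high entropy, but it cannot say what is inside) and misses the repetitive `EXKEYAAAA...` key entirely, while the rule-based pass finds that key at depth 0 and recovers the second key at depth 2 after unwrapping both encoding layers.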

The development team already has an ambitious roadmap planned for the upcoming Version 2 release.

Future features include the ability to easily scan any custom data source, automated secret revocation via provider APIs, and permissions mapping to determine exactly what a compromised secret can access.

The Aikido Security team also intends to integrate an LLM assist feature, which will use anonymized data to classify generic secrets and suggest potential authentication methods based on surrounding context.

Additionally, Betterleaks was built specifically with the emerging era of AI agents in mind.

As developers increasingly rely on tools like Claude Code and Cursor, AI agents need efficient command-line utilities to securely scan the code they generate without exhausting token limits.

Betterleaks provides tight output controls and fast execution, making it a perfect tool for AI assistants to integrate directly into automated security workflows or bug bounty hunting.
