Betterleaks Emerges as the Next-Generation Open-Source Secrets Scanner, Succeeding Gitleaks

A new open-source tool named Betterleaks has been introduced as a direct and more advanced successor to the widely-used Gitleaks scanner. Designed to scan directories, files, and Git repositories, Betterleaks identifies valid secrets—such as credentials, API keys, private keys, and tokens—using either default or customized detection rules. These secret scanners are critical cybersecurity utilities that help developers and security teams discover sensitive information accidentally committed to source code, thereby preventing potential breaches before threat actors can exploit them. The tool is maintained by the original Gitleaks team with support from Aikido Security, a Belgian company specializing in development cycle security platforms.

Betterleaks is the brainchild of Zach Rice, Head of Secrets Scanning at Aikido Security, who originally authored Gitleaks—a tool with over 26 million downloads on GitHub and more than 35 million pulls across Docker and the GitHub Container Registry. Rice initiated the new project after losing full control over Gitleaks, which he began developing eight years ago. In his announcement, Rice stated, "Betterleaks is the successor to Gitleaks. We're dropping the 'git' and slapping 'better' on it because that's what it is, better." The tool promises enhanced features and improved performance, aiming to set a new standard in secret detection for modern development workflows.

The release of Betterleaks comes amid a landscape of significant cybersecurity incidents, underscoring the persistent need for robust security tooling. Recent headlines include the FBI seeking victims of Steam games used to distribute malware, a cyberattack targeting Poland's nuclear research centre, and Microsoft addressing a Windows 11 issue where users couldn't access the C: drive on some Samsung PCs. Additionally, law enforcement agencies have sinkholed 45,000 IP addresses in a major cybercrime crackdown, while threats like the hijacking of the AppsFlyer Web SDK to spread crypto-stealing JavaScript code highlight the evolving attack vectors. In this context, tools like Betterleaks provide a proactive defense layer by ensuring that secrets do not leak into public or internal repositories, thereby reducing the attack surface.

Looking ahead, Betterleaks is positioned to become an essential component in the DevSecOps toolkit, integrating seamlessly into CI/CD pipelines to automate secret detection. Its development reflects a broader industry trend towards open-source security solutions that are both accessible and highly effective. As cyber threats grow in sophistication—evidenced by Microsoft's recent out-of-band hotpatch for a Windows 11 RRAS RCE flaw and ongoing malware campaigns—the cybersecurity community will likely embrace Betterleaks for its modernized approach. By replacing Gitleaks with a more capable alternative, the tool aims to empower organizations to secure their codebases more efficiently, ultimately contributing to a stronger overall security posture in an increasingly digital world.