Betterleaks launches as Gitleaks creator’s faster open-source successor for secrets scanning


Betterleaks, a new open-source secrets scanner from Gitleaks creator Zach Rice, has launched as a drop-in replacement for the older tool. Rice says the new project keeps compatibility with existing Gitleaks CLI options and configs while adding faster scanning, configurable validation, and broader support for modern development workflows.

The project matters because secret scanning remains one of the simplest ways to catch exposed credentials before attackers do. Developers still accidentally commit API keys, tokens, and private credentials into source code, and public repositories remain a common hunting ground for threat actors looking for exposed access. Betterleaks aims to improve that workflow without forcing teams to relearn the tool they already use.

Rice, now Head of Secrets Scanning at Aikido Security, describes Betterleaks as the successor to Gitleaks. He says he no longer has full control over the Gitleaks repository and name, which pushed him to start a fresh project. In his launch post, he says Betterleaks is “the successor to Gitleaks” and positions it as a faster and more flexible alternative built for both humans and AI-driven tooling.

At launch, Betterleaks ships with several technical changes that go beyond a simple rebrand. The project adds rule-defined validation using CEL, token-efficiency scanning based on BPE tokenization instead of entropy, automatic handling of doubly and triply encoded secrets, a pure Go implementation without CGO or Hyperscan, and parallelized Git scanning for faster repository analysis. Rice says the token-efficiency model reached 98.6% recall on the CredData dataset, compared with 70.4% for entropy-based detection.
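The doubly and triply encoded case mentioned above, as an added illustration (not Betterleaks code; the article does not describe how the tool decodes): a single regex pass misses a value wrapped in three base64 layers, while a scanner that decodes and rescans finds it. The `demo_tok_` token format, the rule, and the names `Scan`, `Encode` and `Finding` are constructed for this example.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
)

// Constructed rule for a made-up token format (not a Betterleaks or Gitleaks rule).
var rule = regexp.MustCompile(`demo_tok_[A-Za-z0-9]{16}`)
// Runs of base64 characters long enough to be worth decoding.
var b64Run = regexp.MustCompile(`[A-Za-z0-9+/]{16,}={0,2}`)

// Finding is a rule match plus the number of base64 layers removed to reach it.
type Finding struct {
	Secret string
	Depth  int
}

// Scan matches the rule, then decodes base64-looking runs and rescans, at most maxDepth layers deep.
func Scan(text string, maxDepth int) []Finding {
	var out []Finding
	for _, m := range rule.FindAllString(text, -1) {
		out = append(out, Finding{m, 0})
	}
	for _, run := range b64Run.FindAllString(text, -1) {
		dec, err := base64.StdEncoding.DecodeString(run)
		if err != nil || maxDepth == 0 {
			continue // not valid base64 (e.g. a long identifier), or depth budget spent
		}
		for _, f := range Scan(string(dec), maxDepth-1) {
			out = append(out, Finding{f.Secret, f.Depth + 1})
		}
	}
	return out
}

// Encode wraps s in the given number of base64 layers; it builds the sample input.
func Encode(s string, layers int) string {
	for i := 0; i < layers; i++ {
		s = base64.StdEncoding.EncodeToString([]byte(s))
	}
	return s
}

func main() {
	text := fmt.Sprintf("blob: %q\n", Encode("demo_tok_A1b2C3d4E5f6G7h8", 3)) // constructed sample
	fmt.Println("single pass:", Scan(text, 0), "three layers:", Scan(text, 3))
}
```

The depth limit bounds the extra work per candidate; with a limit of 0 the function behaves like a plain single-pass regex scan.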

The timing also shows that the project has already moved beyond a bare announcement. GitHub’s release page shows Betterleaks v1.1.0 went live on March 5, 2026, which suggests the tool entered public development shortly before the broader media coverage this week. The repository describes Betterleaks as “a better secrets scanner” focused on configurability and speed.

Governance looks broader than a solo-maintainer effort. Rice says three additional maintainers are involved, with contributors from the Royal Bank of Canada, Red Hat, and Amazon helping guide the project. He also says Betterleaks is released under the MIT license and sponsored by Aikido, while remaining an independent open-source project with a community-driven roadmap.

Figure: Scanning speed comparison (Source: GitHub)

The roadmap goes further than Git repository scanning. Rice says version 2 is expected to add more input sources, LLM-assisted analysis, new filters, auto-revocation through provider APIs, permission mapping, and more performance work. He also says Betterleaks is being designed for the “agentic era,” with command-line behavior meant to work well with coding agents such as Claude Code, Codex, and Cursor.

What Betterleaks adds

| Feature | What the project says it does |
| --- | --- |
| CEL-based validation | Lets users define validation logic with Common Expression Language |
| Token-efficiency scanning | Uses BPE tokenization instead of entropy to improve recall |
| Pure Go build | Avoids CGO and Hyperscan dependencies |
| Encoding detection | Handles doubly and triply encoded secrets by default |
| Parallel Git scanning | Speeds up repository analysis |
| Backward compatibility | Supports old Gitleaks CLI options and configs |

All of these features come from Rice’s launch post and the project repository.

Why this launch matters

  • It comes from the original creator of Gitleaks, not a third-party fork.
  • It aims to preserve compatibility for existing Gitleaks users, which lowers migration friction.
  • It replaces entropy-heavy filtering with token-efficiency detection, which Rice says improves recall substantially.
  • It has an active release stream already, with v1.1.0 published in early March 2026.
  • It is positioned for both developer workflows and AI agent workflows, which reflects how code scanning tools now fit into automated pipelines.

FAQ

What is Betterleaks?

Betterleaks is a new open-source secrets scanner from Zach Rice, the original creator of Gitleaks. It scans Git repositories, files, and other inputs for exposed secrets.

Is Betterleaks replacing Gitleaks?

Rice describes Betterleaks as the successor to Gitleaks and says it works as a drop-in replacement for existing users.

What makes Betterleaks different?

The biggest changes include CEL-based validation, token-efficiency scanning, a pure Go implementation, automatic encoded-secret handling, and faster Git scanning.

Is Betterleaks open source?

Yes. Rice says the project uses the MIT license and has multiple maintainers.

Has Betterleaks already shipped public releases?

Yes. GitHub shows Betterleaks v1.1.0 released on March 5, 2026.
