It helps developers identify sensitive information accidentally committed to their codebases. I designed it to be lightweight, easy to use, and powerful enough for CI/CD integration.
Key Features:
Comprehensive scanning: Detects API keys, tokens, credentials, and other secrets using regex patterns and entropy analysis
Git history support: Scans not just current files but also git history, with branch selection and date range filtering
Intuitive output: Color-coded results with severity levels (Critical, High, Medium, Low)
Performance optimized: Fast scanning with git commit caching and efficient file traversal
Highly configurable: Customize patterns, exclusions, and scanning behavior via TOML config
Multiple output formats: Human-readable text and JSON/SARIF for CI/CD integration
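To show what "regex patterns and entropy analysis" with severity levels means in practice, here is an added illustration written for this page; it is not the tool's own code. It is std-only Rust (the AWS access-key pattern is hand-rolled instead of using the regex crate), and the rule names, the 20-character minimum token length, the 4.0 bits/char entropy threshold and the severity assignments are all assumptions for the example. The sample file is constructed; its AWS values are the placeholder keys from AWS's own documentation, not live credentials.

```rust
use std::collections::HashMap;

/// Severity scale matching the four levels the post lists. `Low` is not used by the three rules below.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Severity {
    Critical,
    High,
    Medium,
    Low,
}

/// One hit: where it was, which rule fired, how severe, and the matched text.
#[derive(Debug, Clone, PartialEq)]
pub struct Finding {
    pub line_no: usize,
    pub rule: &'static str,
    pub severity: Severity,
    pub matched: String,
}

// Heuristic thresholds (assumed for this example; a real scanner would read them from config).
pub const MIN_TOKEN_LEN: usize = 20;
pub const ENTROPY_THRESHOLD: f64 = 4.0;

/// Shannon entropy of `s` in bits per character. Random base64-style keys land well above 4;
/// English identifiers and repeated placeholder characters stay below it.
pub fn shannon_entropy(s: &str) -> f64 {
    let n = s.chars().count();
    if n == 0 {
        return 0.0;
    }
    let mut counts: HashMap<char, usize> = HashMap::new();
    for c in s.chars() {
        *counts.entry(c).or_insert(0) += 1;
    }
    counts
        .values()
        .map(|&k| {
            let p = k as f64 / n as f64;
            -p * p.log2()
        })
        .sum()
}

/// Characters allowed inside a secret-like token (base64/base64url alphabet plus '=' padding).
fn is_token_char(c: char) -> bool {
    c.is_ascii_alphanumeric() || matches!(c, '+' | '/' | '=' | '_' | '-')
}

/// Hand-rolled equivalent of the regex `^AKIA[0-9A-Z]{16}$`. Tokens are ASCII, so byte slicing is safe.
fn looks_like_aws_access_key_id(tok: &str) -> bool {
    tok.len() == 20
        && tok.starts_with("AKIA")
        && tok[4..].chars().all(|c| c.is_ascii_uppercase() || c.is_ascii_digit())
}

/// First double-quoted value to the right of the first '=' on the line, if any.
fn quoted_value(line: &str) -> Option<&str> {
    let (_, rhs) = line.split_once('=')?;
    let start = rhs.find('"')? + 1;
    let end = rhs[start..].find('"')? + start;
    Some(&rhs[start..end])
}

/// Run the pattern rule, the generic entropy rule and the keyword rule over one line.
pub fn scan_line(line_no: usize, line: &str) -> Vec<Finding> {
    let mut out = Vec::new();
    // Token rules: exact vendor pattern first, generic high-entropy fallback second.
    for tok in line.split(|c: char| !is_token_char(c)).filter(|t| !t.is_empty()) {
        if looks_like_aws_access_key_id(tok) {
            out.push(Finding { line_no, rule: "aws-access-key-id", severity: Severity::Critical, matched: tok.to_string() });
        } else if tok.len() >= MIN_TOKEN_LEN && shannon_entropy(tok) >= ENTROPY_THRESHOLD {
            out.push(Finding { line_no, rule: "high-entropy-string", severity: Severity::High, matched: tok.to_string() });
        }
    }
    // Keyword rule: a variable named like a password assigned a non-empty string literal.
    if line.to_ascii_lowercase().contains("password") {
        if let Some(v) = quoted_value(line) {
            if !v.is_empty() {
                out.push(Finding { line_no, rule: "password-assignment", severity: Severity::Medium, matched: v.to_string() });
            }
        }
    }
    out
}

/// Scan a whole file body; line numbers are 1-based like the rest of the tooling world.
pub fn scan_text(text: &str) -> Vec<Finding> {
    text.lines().enumerate().flat_map(|(i, l)| scan_line(i + 1, l)).collect()
}

/// Constructed sample input (AWS documentation example keys, not live credentials).
pub const SAMPLE: &str = r##"# settings.py (constructed sample, documentation example values only)
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
DB_PASSWORD = "hunter2"
PLACEHOLDER_TOKEN = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
session_timeout_seconds = 3600"##;

fn main() {
    for f in scan_text(SAMPLE) {
        println!("line {:>3} [{:?}] {}: {}", f.line_no, f.severity, f.rule, f.matched);
    }
}
```

Running it reports three findings: the access key ID as Critical (exact pattern), the secret key as High (40 characters at roughly 4.7 bits/char), and the password literal as Medium. The 32-character placeholder (entropy 0) and the 23-character identifier `session_timeout_seconds` (about 3.3 bits/char) stay quiet, which is the whole point of pairing a length gate with an entropy threshold rather than flagging every long token.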
Why I built it: This started as a weekend hobby project to solve my own needs. After trying several secret scanning tools, I found most were either too heavyweight, lacked git history support, or were difficult to customize. I wanted to create something simple yet powerful that I'd enjoy using myself - fast enough for local development but comprehensive enough for security audits.
Tech stack: Built in Rust for performance and cross-platform compatibility. Available as pre-built binaries for Linux, Windows, and macOS. Try it out and let me know what you think! Contributions welcome, especially new detection patterns and process improvements (total Rust noob).