​Crenox Secret Scanner - Ultra-fast, context-aware Git secret scanner in Go

by
Crenox is an ultra-fast, zero-dependency Git secret scanner written in Go. Built for modern DevSecOps, it prevents API keys and credentials leaks in real-time. ​Why Crenox? Lightning Fast: Scans repos up to 30x faster than Gitleaks (under 35ms!). Context-Aware: 3-tier pipeline stops false positives by reading code context. Featherweight: Uses sync.Pool to run on just ~11MB of RAM. ​Keep your pipelines green and secure!

Add a comment

Replies

Best
💡 Bright idea

The context-aware approach is smart, would love to see a `--baseline` option that fingerprints known secrets in older commits so re-scans only flag genuinely new leaks instead of drowning the output with historical findings.

Hi Esmanur! Thank you so much for the kind words and the brilliant suggestion. ​You hit the nail on the head. Managing legacy/historical leaks without drowning the output of new commits is indeed a major pain point for developers. Implementing a --baseline flag to fingerprint and ignore existing secrets is a fantastic idea, and it's officially going straight to the top of our roadmap! ​I’ll definitely update you here once it’s shipped, or feel free to open an issue on our GitHub repo so you can track its progress directly. Thanks again for the awesome feedback!
Hi Product Hunt community! 👋 ​I'm Khalid Hani, the maker behind Crenox. I’m super excited to finally share this project with you all! ​Like many of you, I’ve experienced that sinking feeling of accidentally committing a sensitive API key or credentials to a repository. I built Crenox because I wanted a secret scanner that fits seamlessly into a developer's workflow—something lightning-fast (written in Go), lightweight (~11MB RAM), and smart enough to understand code context to actually reduce noise (fewer false positives). ​Whether you're a seasoned DevSecOps pro or just looking to secure your personal projects, I designed Crenox to keep your pipelines green and your secrets safe without slowing you down. ​I'm incredibly grateful for the support so far, and I’d love to hear your thoughts! What’s your biggest frustration with current secret scanning workflows? Any features you'd love to see? Let me know in the comments—I'm all ears! 🚀 ​Thanks for checking it out!