Skip to content

EZ-SniffKey v1.0.0

Latest

Choose a tag to compare

@edenaion edenaion released this 21 Jun 20:12
v1.0.0
3508cca

GPU-powered secret scanner. 1179 detectors compiled into a single Rust binary. Scans source trees, git history, stdin, and Docker images.

Highlights

☼ 1179 built-in detectors (957 native + 222 ported from gitleaks, MIT)
☼ Four prefilter backends with identical, parity-tested results: CUDA (PTX) > WGPU (Vulkan/DX12/Metal) > SIMD (memchr) > CPU Aho-Corasick
☼ Decode-through: base64, JWT, Kubernetes Secrets, Docker config, Helm/Jinja
☼ Multiline reassembly, Unicode normalization, confidence scoring
☼ Git scanning (staged / diff / history), incremental, parallel
☼ Output: colored text, JSON (redacted by default), SARIF 2.1.0
☼ Daemon, watch, TUI, Docker image scan, Bayesian calibration
☼ Pre-commit hook, config (.sniffkey.toml), suppression (.sniffkeyignore)

Benchmark

On Samsung CredData (labeled-only): P=0.84 R=0.56 F1=0.67, ahead of gitleaks (P=0.86 R=0.45 F1=0.59).

Install

Build from source (Rust 1.80+):

```bash
git clone https://github.com/edenaion/EZ-SniffKey.git
cd EZ-SniffKey
cargo build --release
```

MIT licensed. Built by EZSCAPE.