REPO·RANK #725·2/6 firing·Go
Rank#725Go
Cross-signal0.80 / 6.0
Quietly building. and Bluesky buzz (1 posts / 7d) and dev.to writeups (1 articles / 7d). Reddit and X are still cold — typical for a niche project at this stage.
Cross-signal · 30D+1%
GitHubQUIET+0 stars24h
HackerNewsQUIET0 posts7d
RedditQUIET0 posts7d
BlueskyFIRING1 posts7d
Dev.toFIRING1 posts7d
XQUIET0 posts7d
Stars27k+0 7d+0 today
Forks2.0k+0 7d8% fork ratio
Contribs5+0 30dteam-led
Momentum11.92.1stars-velocity score
SurfaceTHIN1 / 6last commit
Coverage3 / 13 sources fired (7d)
·11
gitleaks/gitleaks sits at 27,031 GitHub stars with steady Go traction — organic growth keeps it on the trending list.
// 01 · GITHUB MOMENTUM
11.9
0 stars 24h | 0 7d
// 02 · MENTIONS
10
0 in 24h | 1 source
// 03 · CROSS-SIGNAL
0.80
2/6 channels firing
// 04 · PACKAGE ADOPTION
-
no linked package yet
// 05 · PROJECT SURFACE
thin
last commit
// 01
Breakdown
How is this scored?
- 6.0
- strong signal across ≥5 of 6 channels
- 5.0
- strong signal across ≥4 of 6 channels
- 4.0
- strong signal across ≥3 of 6 channels
- 3.0+
- active on 2+ channels
- <1.0
- low or no cross-channel activity
Each channel contributes 0-1. Per-channel tiers: GitHub (breakout 1.0 / hot 0.7 / rising 0.4), HN (front-page 1.0 / ≥3 mentions 0.7 / 1-2 mentions 0.4), Bluesky (≥5 mentions 1.0 / 2-4 0.7 / 1 0.4), dev.to (≥3 articles 1.0 / 2 0.7 / 1 0.4), Reddit (corpus-normalized 48h velocity), X (≥10 mentions 24h 1.0 / 3-9 0.7 / 1-2 0.4).
- GitHub momentum0.00
- Reddit0.00
- HackerNews0.00
- Bluesky0.40
- dev.to0.40
- X (Twitter)0.00
* Reddit bar shows a per-repo velocity proxy (raw score / 100); the score formula uses the corpus-normalized version so a single repo's bar may not match its contribution to the corpus-wide ranking.
// KNOWN REPO · PACKAGE · LAUNCH · SITE SURFACES
GitHubgitleaks/gitleaks27k starsWebsitegitleaks.iosite found; profile scan queued
Docspendingdocs scanner pending
npmnoneno linked npm package
ProductHuntnoneno launch linked
Paper/modelpendingHF/arXiv resolver not attached yet
// 02
Growth
Today
27k
+22 last 24h
7d
+375
1% wow
30d
+650
2% mom
Spike
+26.4k/d
· peak day
// 03
Mentions
// last scanreddit 32mhn 52mbluesky 1d*devto 2hph 1d*npm 1h
- X→ OPEN
マネフォの件、gitleaksとかで防げただろうなぁと思ったら書いてる記事があって素晴らしい zenn.dev/awesome_kou/article…▶ Twitter - X→ OPEN
1600+ regex patterns for detecting secrets, API keys, tokens, and passwords. 💀🔥 This open-source database can directly improve your secret scanning pipelines (TruffleHog, Gitleaks, etc.). If you're doing AppSec seriously, this is worth integrating. github.com/mazen160/secrets-… #AppSec #CyberSecurity #Infosec▶ Twitter - X→ OPEN
We had a ton of great code review tips on episode 172, here's some of them on finding pre-auth attack surface: •⠀Devs strip the //# sourceMappingURL line at the bottom of JS files but sometimes forget to delete the .map file. Appending .map to any JS URL works, or check the Sources tab in DevTools. •⠀/.git/config and /.git/HEAD returning content (not 404) means the repo pulls with git-dumper or GitTools Dumper. Full history includes deleted files, so trufflehog or gitleaks across all commits often surfaces "removed" secrets. •⠀Searching unique error messages, internal service names, or target-specific filenames on GitHub, Sourcegraph, and grep\.app turns up config files and source committed by integrators or freelancers. •⠀Map auth middleware on every route before reading a single handler, the unauth rows are the highest priority targets. Rhyno found the Grafana SSRF this way, /avatar/:hash was missing reqSignedIn while neighbouring API routes had it. •⠀WebSocket handlers, GraphQL queries/mutations, gRPC RPCs, background job queues, and file upload handlers outside the main flow all sit outside HTTP auth middleware and tend to get forgotten when reviewing routes for unauth surface. •⠀OAuth/OIDC callbacks are unauthenticated by design, so the bugs aren't about missing auth, they're about missing state validation, unvalidated next or redirect_uri params, and reusable authorization codes.▶ Twitter - X→ OPEN
わかりやすい。secretlintはfalse-positiveを避けるために、厳密にチェックできないものはrecommendedには入れてないかも。 [Claude Code] env scrubで何が消えるのか確認し、secretlint・gitleaksでシークレット漏洩を多層防御する | DevelopersIO dev.classmethod.jp/articles/…▶ Twitter - X→ OPEN
Gitleaks est un projet open-source sous licence MIT, permettant de détecter les secrets comme les mots de passe, clés API et tokens dans des dépôts Git, fichiers ou flux d'entrée standard. Facile à ajouter à vos pipeline d'intégration continue ⬇️ github.com/gitleaks/gitleaks▶ Twitter - X→ OPEN
Secrets & JS Analysis tools for bug bounty hunters: 1. TruffleHog - github.com/trufflesecurity/t… 2. Gitleaks - github.com/gitleaks/gitleaks 3. KeyHacks - github.com/streaak/keyhacks 4. SecretFinder - github.com/m4ll0k/SecretFind… 5. JSLuice - github.com/BishopFox/jsluice 6. jsleak - github.com/byt3hx/jsleak 7. JSAnalyzer - github.com/jenish-sojitra/JS… 8. Nosey Parker - github.com/praetorian-inc/no… 9. GitDorker - github.com/obheda12/GitDorke… 10. git-dumper - github.com/arthaud/git-dumpe… 11. GitTools - github.com/internetwache/Git… 12. Badsecrets - github.com/blacklanternsecur… 13. Secrets Patterns DB - github.com/mazen160/secrets-… 14. Detect-Secrets - github.com/Yelp/detect-secre… 15. Git-Secrets - github.com/awslabs/git-secre… 16. Hardcoded Token Hunter - github.com/KingOfBugbounty/H… 17. Dependency Confusion Hunter - github.com/KingOfBugbounty/D… 18. github-search - github.com/gwen001/github-se… 19. Secrets[.]ninja - secrets.ninja Drop the ones I'm missing #BugBounty #BugBountyTips #Secrets #JSAnalysis #Cybersecurity▶ Twitter - X→ OPEN
Gitの履歴やファイルをスキャンして、パスワードやトークンなどの100種類以上のパターンの機密情報を検知してくれるツール🔑 Gitのpre-commit hookに仕込めば、強制的にブロックできる。AIコーディングするならガードレールとして標準的に設定しておきたい github.com/gitleaks/gitleaks▶ Twitter - X→ OPEN
ソースコードに認証キーなどのクレデンシャル情報が含まれてないかは、GitHub Enterprise の Advanced Security に含まれるコードスキャンで検知できる。それなりにお高いし、Enterprise ではない組織も多いと思うので、Gitleaks を定期実行して潰していくのがおすすめです github.com/gitleaks/gitleaks▶ Twitter - X→ OPEN
🔍 Gitleaks github.com/gitleaks/gitleaks git 저장소를 스캔하여 하드코딩된 비밀번호, API 키, 토큰 같은 민감한 정보를 찾아내는 도구! 개발을 하다 보면 누구나 한 번쯤 아차!! 하는 순간이 찾아오죠. 테스트를 위해 잠시 넣어둔 API 키나 DB 비밀번호가 포함된 코드를 무심코 커밋하고 푸시하는 실수를 할 수 있어요. 단순히 현재 코드만 보는 게 아니라, Git의 모든 커밋 히스토리를 뒤져서 과거에 실수로 올렸다가 지운 흔적까지 찾아낸다는 점이 강력합니다. Pre-commit Hook 잊지 맙시다..!!▶ Twitter - X→ OPEN
github.com/gitleaks/gitleaks▶ Twitter
// 04
Context
Scanning code, past or present, for secrets
- United States of America
- https://gitleaks.io
- @gitleaks
- 6 public repos
- 309 followers
- TecharoHQ/anubisGo · 19.4k stars
Weighs the soul of incoming HTTP requests to stop AI crawlers
- google/osv-scannerGo · 10.2k stars
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
- charmbracelet/crushGo · 24.4k stars
Glamourous agentic coding for all 💘
- vllm-project/semantic-routerGo · 4.2k stars
System Level Intelligent Router for Mixture-of-Models at Cloud, Data Center and Edge
- Tencent/WeKnoraGo · 15.1k stars
Open-source LLM knowledge platform: turn raw documents into a queryable RAG, an autonomous reasoning agent, and a self-maintaining Wiki.
- looplj/axonhubGo · 3.8k stars
⚡️ Open-source AI Gateway — Use any SDK to call 100+ LLMs. Built-in failover, load balancing, cost control & end-to-end tracing.
// 05Deep dive
// STARS27k—/ 7d
// FORKS2.0k—/ 7d
// CONTRIBUTORS5—/ 30d
Open Issues243
Last Commit
Latest Release—
// TREND24h07d030d+151
X🔥
Ranked confirmation layer for repo-specific X buzz in the last 24h.
Mentions 24h
127
Authors 24h
66
Engagement
3.0k
Peak hour
06:47
Score
100.0
Breakout on X in the last 24h. 127 matched posts across 66 authors.
Top matched posts
- @kameneko1004769 eng
マネフォの件、gitleaksとかで防げただろうなぁと思ったら書いてる記事があって素晴らしい zenn.dev/awesome_kou/article…
mediumphrase1d agoopenMatched through a repo-specific project phrase query.
- @BugBountyCenter665 eng
Secrets & JS Analysis tools for bug bounty hunters: 1. TruffleHog - github.com/trufflesecurity/t… 2. Gitleaks - github.com/gitleaks/gitleaks 3. KeyHacks - github.com/streaak/keyhacks 4. SecretFinder - github.com/m4ll0k/SecretFind… 5. JSLuice - github.com/BishopFox/jsluice 6. jsleak - github.com/byt3hx/jsleak 7. JSAnalyzer - github.com/jenish-sojitra/JS… 8. Nosey Parker - github.com/praetorian-inc/no… 9. GitDorker - github.com/obheda12/GitDorke… 10. git-dumper - github.com/arthaud/git-dumpe… 11. GitTools - github.com/internetwache/Git… 12. Badsecrets - github.com/blacklanternsecur… 13. Secrets Patterns DB - github.com/mazen160/secrets-… 14. Detect-Secrets - github.com/Yelp/detect-secre… 15. Git-Secrets - github.com/awslabs/git-secre… 16. Hardcoded Token Hunter - github.com/KingOfBugbounty/H… 17. Dependency Confusion Hunter - github.com/KingOfBugbounty/D… 18. github-search - github.com/gwen001/github-se… 19. Secrets[.]ninja - secrets.ninja Drop the ones I'm missing #BugBounty #BugBountyTips #Secrets #JSAnalysis #Cybersecurity
highurl1d agoopenContains the canonical GitHub repository URL.
- @yokawasa502 eng
Gitの履歴やファイルをスキャンして、パスワードやトークンなどの100種類以上のパターンの機密情報を検知してくれるツール🔑 Gitのpre-commit hookに仕込めば、強制的にブロックできる。AIコーディングするならガードレールとして標準的に設定しておきたい github.com/gitleaks/gitleaks
highurl1d agoopenContains the canonical GitHub repository URL.
- @rotomx438 eng
ソースコードに認証キーなどのクレデンシャル情報が含まれてないかは、GitHub Enterprise の Advanced Security に含まれるコードスキャンで検知できる。それなりにお高いし、Enterprise ではない組織も多いと思うので、Gitleaks を定期実行して潰していくのがおすすめです github.com/gitleaks/gitleaks
highurl1d agoopenContains the canonical GitHub repository URL.
- @VivekIntel116 eng
1600+ regex patterns for detecting secrets, API keys, tokens, and passwords. 💀🔥 This open-source database can directly improve your secret scanning pipelines (TruffleHog, Gitleaks, etc.). If you're doing AppSec seriously, this is worth integrating. github.com/mazen160/secrets-… #AppSec #CyberSecurity #Infosec
mediumphrase1d agoopenMatched through a repo-specific project phrase query.
- @lucas_flatwhite113 eng
🔍 Gitleaks github.com/gitleaks/gitleaks git 저장소를 스캔하여 하드코딩된 비밀번호, API 키, 토큰 같은 민감한 정보를 찾아내는 도구! 개발을 하다 보면 누구나 한 번쯤 아차!! 하는 순간이 찾아오죠. 테스트를 위해 잠시 넣어둔 API 키나 DB 비밀번호가 포함된 코드를 무심코 커밋하고 푸시하는 실수를 할 수 있어요. 단순히 현재 코드만 보는 게 아니라, Git의 모든 커밋 히스토리를 뒤져서 과거에 실수로 올렸다가 지운 흔적까지 찾아낸다는 점이 강력합니다. Pre-commit Hook 잊지 맙시다..!!
highurl1d agoopenContains the canonical GitHub repository URL.
- @ctbbpodcast107 eng
We had a ton of great code review tips on episode 172, here's some of them on finding pre-auth attack surface: •⠀Devs strip the //# sourceMappingURL line at the bottom of JS files but sometimes forget to delete the .map file. Appending .map to any JS URL works, or check the Sources tab in DevTools. •⠀/.git/config and /.git/HEAD returning content (not 404) means the repo pulls with git-dumper or GitTools Dumper. Full history includes deleted files, so trufflehog or gitleaks across all commits often surfaces "removed" secrets. •⠀Searching unique error messages, internal service names, or target-specific filenames on GitHub, Sourcegraph, and grep\.app turns up config files and source committed by integrators or freelancers. •⠀Map auth middleware on every route before reading a single handler, the unauth rows are the highest priority targets. Rhyno found the Grafana SSRF this way, /avatar/:hash was missing reqSignedIn while neighbouring API routes had it. •⠀WebSocket handlers, GraphQL queries/mutations, gRPC RPCs, background job queues, and file upload handlers outside the main flow all sit outside HTTP auth middleware and tend to get forgotten when reviewing routes for unauth surface. •⠀OAuth/OIDC callbacks are unauthenticated by design, so the bugs aren't about missing auth, they're about missing state validation, unvalidated next or redirect_uri params, and reusable authorization codes.
mediumphrase1d agoopenMatched through a repo-specific project phrase query.
- @gkpacker73 eng
github.com/gitleaks/gitleaks
highurl1d agoopenContains the canonical GitHub repository URL.
- @azu_re33 eng
わかりやすい。secretlintはfalse-positiveを避けるために、厳密にチェックできないものはrecommendedには入れてないかも。 [Claude Code] env scrubで何が消えるのか確認し、secretlint・gitleaksでシークレット漏洩を多層防御する | DevelopersIO dev.classmethod.jp/articles/…
mediumphrase1d agoopenMatched through a repo-specific project phrase query.
- @ponceto9131 eng
Gitleaks est un projet open-source sous licence MIT, permettant de détecter les secrets comme les mots de passe, clés API et tokens dans des dépôts Git, fichiers ou flux d'entrée standard. Facile à ajouter à vos pipeline d'intégration continue ⬇️ github.com/gitleaks/gitleaks
highurl1d agoopenContains the canonical GitHub repository URL.