Technical Architecture
A multi-layered approach to secret detection with enterprise-grade performance.
5-Layer Scanner Architecture
Each layer adds context and confidence to secret detection, reducing false positives while maintaining comprehensive coverage.
Pattern Matching
Regex-based detection across 354+ patterns covering 50+ providers.
Entropy Analysis
Shannon entropy calculation to identify high-randomness strings.
Structural Analysis
Context-aware analysis of surrounding code structure.
Cross-File Detection
Correlation of secrets across multiple files and environments.
Historical Analysis
Git history analysis for secret exposure timeline.
DACD Confidence Engine
Dynamic Adversarial Confidence Decay - Our 7-factor confidence calculation system.
Confidence Factors
Base pattern match quality
Code context analysis
API verification result
Shannon entropy analysis
Multi-file correlation
Git history signals
ML Adjustment: Advisory-only with hard ±5% cap. Human decisions always take precedence.
Performance Benchmarks
Built for speed without compromising accuracy.
On typical codebases
For 10K signals
Pattern loading
Per signal in DACD engine
What Runs Where
Clear boundaries between local and cloud operations.
Runs Locally
- All 5 scanning layers
- Pattern matching
- Entropy calculation
- Structural analysis
- Cross-file detection
- Report generation
Cloud (Opt-in Only)
- API verification (Pro)
- Team dashboard sync
- Audit log archival
- Plugin webhooks
- Usage analytics