Inspiration

While casually scrolling through social media, we came across a video demonstrating how exposed API keys on GitHub can be easily discovered and exploited. Driven by curiosity, we tried it ourselves—and to our surprise, we uncovered three valid API keys within minutes. That alarming moment made us realize how vulnerable many projects are, which inspired us to build ZeroLeaks.

What it does

ZeroLeaks scans your codebase, especially GitHub repositories, for exposed secrets such as API keys, credentials, and tokens. It not only detects potential leaks but also provides actionable guidance so developers can remediate them quickly and securely.

How we built it

We built ZeroLeaks using a combination of static code analysis tools, GitHub API integration, and secret-detection libraries. The backend identifies exposed keys by matching known secret formats and common assignment patterns, and the frontend presents the findings in a clear, developer-friendly dashboard.
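The pattern-based detection described above, as an added example that is not ZeroLeaks's own code: a small Python scanner with an assumed rule table (two fixed-prefix token formats plus a generic `name = "value"` rule), an entropy gate so placeholder values like `your_api_key_here` are not reported, deduplication when the generic rule and a specific rule hit the same value, and redaction so the report never carries the full secret. The sample repository contents are constructed; `AKIAIOSFODNN7EXAMPLE` is the placeholder access key ID from AWS's own documentation, not a live credential.

```python
import math
import re
from dataclasses import dataclass

# Assumed rule table for illustration (not ZeroLeaks's own rule set): two
# well-known fixed-prefix token formats, then a generic assignment rule.
# Order matters: specific rules run first so the generic one can be deduped.
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "generic_secret_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
    ),
}

# Only the generic rule needs an entropy gate: a prefixed format is specific
# enough on its own, while password = "your_password_here" is not a leak.
ENTROPY_GATED = {"generic_secret_assignment"}
MIN_ENTROPY_BITS = 3.5


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    rule: str
    redacted: str  # never carry the full secret into reports or logs


def shannon_entropy(s: str) -> float:
    """Bits per character: ~4.3 for a random 20-char token, ~3.3 for English-like text."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(secret: str) -> str:
    """Keep just enough of the value for the developer to locate it."""
    return secret[:4] + "..." + secret[-2:]


def scan_text(path: str, text: str) -> list[Finding]:
    """Run every rule over every line of one file and return the findings."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        seen_values: set[str] = set()
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                # Rules without a capture group report the whole match.
                value = m.group(m.lastindex or 0)
                if value in seen_values:
                    continue  # already reported under a more specific rule
                if rule in ENTROPY_GATED and shannon_entropy(value) < MIN_ENTROPY_BITS:
                    continue  # looks like a placeholder, not a real secret
                seen_values.add(value)
                findings.append(Finding(path, line_no, rule, redact(value)))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of path -> file contents (e.g. a checked-out repository)."""
    out: list[Finding] = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample repository contents; none of these are live credentials.
SAMPLE_REPO = {
    ".env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nDEBUG=true\n",
    "config.py": (
        'api_key = "your_api_key_here"\n'        # placeholder, low entropy: skipped
        'password = "Xq9$vT2#mLp8@wRz4!kN"\n'    # high entropy: reported
        'GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"\n'  # one finding, not two
    ),
    "README.md": "Set TOKEN in your environment before running.\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_REPO):
        print(f"{f.path}:{f.line_no}: {f.rule} -> {f.redacted}")
```

Detection is only the first step. Because git keeps every committed revision, a secret that has ever been pushed should be treated as compromised and rotated; deleting it from the current tree is not enough.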

Challenges we ran into

One major challenge was that reading every file took too much time. Backend deployment was also a major issue, as we didn't have any credits for a server. Besides, integrating CopilotKit into our project was troublesome, but we were finally successful.

Accomplishments that we're proud of

We're proud that ZeroLeaks was able to detect real, valid API keys during our initial testing phase. It validated the core problem and our solution. We also succeeded in building an intuitive interface that even beginner developers can use to secure their projects.

What we learned

We learned just how common secret exposure is and how quickly attackers can exploit an exposed secret. We also gained deeper experience in building secure, scalable developer tools and working with real-world code patterns.

What's next for ZeroLeaks

We plan to add real-time GitHub monitoring, secret revocation suggestions, and integration with CI/CD pipelines to automatically flag vulnerabilities before code gets merged. Ultimately, we aim to become a go-to tool for developers to safeguard their code.

Built With

  • copilotkit
  • fastapi
  • langgraph
  • nextjs
  • python