Developer builds Sentinel, a regex-free Go-based secret scanner for CI/CD pipelines

·1 views

A developer has released Sentinel, an open-source secret scanning tool written in Go, designed to overcome performance issues found in existing tools like Gitleaks and TruffleHog. Unlike traditional scanners, Sentinel uses an Aho-Corasick automaton engine to scan payloads in O(n) linear time, eliminating the risk of catastrophic backtracking on large files. The tool also includes a pre-decoding layer for Base64 strings and aggregates multi-line certificates into single alerts to reduce noise. In testing against a 15MB stress payload containing over 100 structural baits, Sentinel completed the scan in approximately 1.5 seconds with a perfect signal-to-noise ratio. The project is fully open-source under the AGPL-3.0 license and is available on GitHub for community review and feedback.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Dev builds AI side panel Chrome extension in two weekends, struggles with distribution

A developer built and shipped a Chrome extension in roughly 30 hours across two weekends, allowing users to highlight text on any webpage and receive AI-generated replies in a persistent side panel. The extension supports four AI models — OpenAI, Claude, DeepSeek, and Gemini — with the user's API key stored locally and no backend required. A key technical hurdle was a Content Security Policy issue that prevented direct API calls from the side panel, requiring a workaround using Chrome's background service worker and message-passing system. After Chrome Web Store approval and posts on Reddit, X, and Indie Hackers, the extension attracted only 15 users over five weeks. The developer concluded that while rapid building is achievable, user distribution remains the harder and more consequential challenge.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Global KYB Failures Cost Firms £1.23bn in H1 2025 as Audit Gaps Persist

Global organisations faced £1.23 billion in KYC/AML penalties in the first half of 2025, with TD Bank's £3 billion fine serving as a prominent example of systemic compliance failure. Regulators found that TD Bank's fragmented KYB processes could not coherently reconstruct beneficial ownership data when questioned, despite the information existing within the organisation. Analysis of 2025 penalties reveals a consistent pattern: firms either collected the wrong data, failed to verify it properly, or could not retrieve it on demand. Across major frameworks including EU AMLD5/6, the US Corporate Transparency Act, and UK Money Laundering Regulations 2017, compliance obligations converge on four pillars — customer identification, due diligence, sanctions screening, and audit-ready recordkeeping. Experts warn that treating KYB as a series of disconnected checks rather than one coherent, auditable system is the root cause of most implementation failures.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Chrome's Native Barcode Detection API Enables Zero-Dependency Browser Scanning

Google's BarcodeDetector API, enabled by default in Chrome 134, allows developers to build barcode scanning apps without third-party libraries or paid licenses. Available on 94% of global Chrome installs as of June 2026, the API is backed by Google's ML stack and supports formats including QR, Code 128, UPC-A, and EAN-13. In testing across 500 real product barcodes under varied lighting, the native API outperformed JavaScript alternatives Zxing and QuaggaJS in both accuracy and speed. A developer and former Amazon warehouse manager used the API to build a fully offline-capable Progressive Web App for inventory tracking in under 200 lines of vanilla JavaScript. The main limitations are its Chrome-only availability — Firefox and Safari have yet to implement it — and restricted input sources, which can cause focus issues with very close or small barcodes.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

ChatGPT Gets Finance Access, GPT-5.6 Stalled, Japan Funds AI Anime Subs

OpenAI has rolled out a Personal Finance feature to all ChatGPT Plus subscribers, allowing users to connect bank accounts directly to the platform, raising privacy considerations. Separately, OpenAI's new GPT-5.6 model family — comprising Sol, Terra, and Luna — has been held back from release following White House intervention, with OpenAI itself acknowledging the setup should not become a permanent default. The models have publicly listed pricing, with general availability expected within weeks. Japan's Ministry of Economy, Trade and Industry (METI) has announced a $70 million investment to subsidize AI-powered anime translation and localization, covering 50% of costs for major partners including Crunchyroll, Bandai Namco, and Kodansha. The initiative aims to triple the global official anime subscriber base from 100 million to 300 million, drawing on the success of South Korea's cultural export strategy through KOCCA.

0 comments Read more at DEV Community