Container Images
Stream layers directly from Docker Hub, GCR, ECR, and ACR. No disk extraction needed.
Secrets hide in container images, Helm charts, CI/CD artifacts, and nested archives. The things that actually run in production. Redactyl finds them all, without extracting to disk.
Helm Charts
Parse Chart.yaml, values.yaml, and every template. Catch secrets in your Kubernetes deployments.
K8s Manifests
Auto-detect Kubernetes resources. Scan Secrets, ConfigMaps, and env vars in Pods and Deployments.
Nested Archives
Recursively scan archives within archives. Virtual paths track secrets through every layer.
Interactive TUI
Vim-style navigation, severity filtering, and bulk actions. Open findings in your editor, baseline known secrets, or export results.
Gitleaks Detection
200+ detection rules from the Gitleaks community. We focus on artifact intelligence, not reinventing regex.
Registry Streaming
Scan remote images directly from any registry. Layers stream into memory, never touching disk.
Remediation Tools
Forward fixes with redact and dotenv commands. History rewriting with git filter-repo integration and safety backups.
Audit Logging
Immutable JSONL audit trail for compliance. Track findings over time with timestamped scan history.
Privacy First
Zero telemetry by default. Self-hosted friendly. Your secrets and source code never leave your infrastructure.
Native integrations for GitHub Actions, GitLab CI, Azure Pipelines, and Bitbucket. SARIF output for GitHub Code Scanning alerts. See the CI/CD integration guides.
# macOS / Linux (Homebrew)
brew install varalys/tap/redactyl
# Go
go install github.com/varalys/redactyl@latest
Then run redactyl scan for your first scan. Free and open source under Apache 2.0, with zero telemetry.