88% (+11pp YoY) of basic web application attacks involve stolen credentials.
Code your AI writes ends up in more places than you'd want. Scrapers pull it from public commits in almost real time, client bundles ship it to every visitor's browser, and today's commits train tomorrow's models. Trestle works alongside your AI assistant, scanning every file and every commit, so your secrets stay yours.
I'll write the client and use trestle to verify it doesn't leak any secrets.
Found a hardcoded API key. I'll move it to .env and reference it via process.env.API_KEY.
Done. The key is now in .env (already gitignored). Set API_KEY on your deployment environments too.
$4.44M: global average cost of a data breach in 2025.
94 days: median time to remediate a secret leaked to a GitHub repository.
8 min: for an AI-assisted attacker to go from a leaked credential to AWS admin access.
A local secret scanner that plugs into your editor, your AI assistant, and your CI. Every file and every commit gets checked before it leaves your machine.
Catches hundreds of real credential patterns, and can still flag unfamiliar keys by looking at entropy, variable names, and surrounding context.
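How the entropy and variable-name heuristic described above can work, as an added illustration in Python that is not Trestle's own code: a couple of known key shapes, a generic rule that fires only when a secret-looking variable name holds a long high-entropy literal, and a hypothetical inline allow-secret marker standing in for the "surrounding context" check. The sample source lines are constructed; the first uses AWS's documented example access key ID.

```python
import math
import re

# Known credential shapes (a small subset; real scanners carry hundreds of rules).
KNOWN_PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
# A quoted literal assigned to a name: name = "value" or name: "value".
ASSIGNMENT = re.compile(r"""(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*[=:]\s*["'](?P<value>[^"']+)["']""")
SECRET_WORDS = re.compile(r"key|token|secret|passw|pwd|credential", re.IGNORECASE)
ALLOW_MARKER = "allow-secret"  # hypothetical inline marker, not a Trestle feature

def shannon_entropy(s: str) -> float:
    """Bits per character of a literal; random keys sit well above prose or config words."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan_line(line: str) -> list[tuple[str, str]]:
    """Return (rule, value) findings for one source line."""
    if ALLOW_MARKER in line:          # context check: explicitly allowed (e.g. a test fixture)
        return []
    findings = [(rule, m.group(0)) for rule, rx in KNOWN_PATTERNS.items() for m in rx.finditer(line)]
    already = {v for _, v in findings}
    m = ASSIGNMENT.search(line)
    if m and m.group("value") not in already and SECRET_WORDS.search(m.group("name")):
        value = m.group("value")
        # Generic rule: a secret-ish name holding a long, high-entropy literal.
        # Short or low-entropy values (e.g. "changeme") are left to other rules.
        if len(value) >= 16 and shannon_entropy(value) >= 3.0:
            findings.append(("generic-high-entropy", value))
    return findings

def scan_source(source: str) -> list[tuple[int, str, str]]:
    return [(n, rule, v) for n, line in enumerate(source.splitlines(), 1) for rule, v in scan_line(line)]

# Constructed sample source; values read from the environment are not literals and never match.
SAMPLE_SOURCE = """\
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
api_token = "b7f3c9e1a2d4f6080c5e7a9b1d3f5e7c"
DEFAULT_TIMEOUT = "30"
api_key = os.environ["API_KEY"]
test_password = "changeme"
session_key = "8d1a4f0b7c3e9a2d5f6b1c0e4a7d9f3b"  # allow-secret: test fixture
"""

if __name__ == "__main__":
    for lineno, rule, value in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: {rule}: {value[:4]}...")  # never echo the full value into logs
```

Only lines 1 and 2 of the sample are reported: the AWS line by its known shape, the token line by name plus entropy.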
MCP server for Claude Code, Cursor, Copilot, Codex, and any MCP-aware tool. Native VS Code extension. Language server for Neovim, Helix, Zed, JetBrains, and any LSP-aware editor.
Every finding ships with the steps to extract the secret out of source, what to put in your .env locally, and per-platform rotation steps tailored to the deployment targets it finds in your repo.
Language parsers, not just regular expressions. Trestle can tell apart environment variables, build arguments, headers, parameters, and source code variables and constants, so the right rule applies to the right kind of value.
Follows a secret value through the code, not just where it is declared. It's traced across assignments, function calls, and templates, and flagged when it reaches an output where it would be exposed.
Checks each detected secret against its provider to confirm whether the credential is still active, so a working leak stands out from one that was already rotated. These checks need the network, so they come as a separate binary; the main scanner stays offline.
One static binary: trestle scan, plus trestle watch for live rescans. An auto-installed pre-commit hook stops bad commits.
Runs entirely on your machine. No network, no telemetry, no account, no signup. The live validation feature that uses the network is part of a separate binary.
Multi-threaded with an incremental cache. Honors .gitignore plus your own skip rules.
Removing a leaked secret in a new commit does not erase it from history. Anyone with the repo can still pull it back.
Trestle scans every commit on every branch, applying the same detection rules as your working tree, so old leaks stop hiding in plain sight.
Open source and free Community edition. Pro adds remediation guidance and secret exposure analysis, as well as priority support.
Trestle is a single static binary: no runtime to install, nothing to configure. Download a build for your platform, or compile from source.
brew install toro-guapo/trestle/trestle
Once installed, set up Trestle in a project by running trestle install in that project's root directory.
Claude Code, Cursor, Copilot and other AI agents can use Trestle to scan their output before writing files. They get the same findings as on the command line.
Trestle runs automatically before each commit. If secrets are found, the commit is aborted and the findings are reported so they can be addressed.
Set trestle lsp as the language server in Neovim, Helix, Zed, or JetBrains IDEs, or install the official Trestle extension for Visual Studio Code.