// benchmarks
Reproducible measurements.
If a number appears on this site, it was measured. Below is the setup so you can run it yourself and get the same result — or find a hole in my methodology.
FlashAudit vs. Gitleaks
Secret scanning on an enterprise monorepo corpus.
// setup
- Hardware: MacBook Pro M1 Pro · 10 cores · 16 GB RAM
- Dataset: 847,000 files · mixed source languages · ~12 GB uncompressed
- Rules: Shared baseline (AWS, GitHub, Stripe, generic high-entropy).
- Measurement: Wall-clock via hyperfine (N=10, warm). Peak RSS via /usr/bin/time -l.
// commands
```sh
# FlashAudit
hyperfine --warmup 1 --runs 10 \
  'flashaudit scan --repo ./enterprise-monorepo --format sarif > /dev/null'

# Gitleaks
hyperfine --warmup 1 --runs 10 \
  'gitleaks detect --source ./enterprise-monorepo --report-path /dev/null'
```
| Tool | Version | Wall-clock | Peak RSS | Files/sec |
|---|---|---|---|---|
| FlashAudit Core | 0.5.0 | 0.4s | < 80 MB | ~ 2.1M |
| Gitleaks | 8.18 | ~ 4s | ~ 420 MB | ~ 210K |
Numbers are median of 10 warm runs. Gitleaks was run with default concurrency; FlashAudit uses one OS thread per physical core. Raw hyperfine output lives in the repo at /benchmarks/.
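To check a table row against your own run, the sketch below recomputes the median, files/sec and peak RSS from raw tool output. It is an added example, not code from the Flash-Audit-Core repo; it assumes you add hyperfine's `--export-json` option to the commands above and capture the macOS `/usr/bin/time -l` output, and all sample values and function names are constructed for illustration.

```python
import json
import re
import statistics

FILE_COUNT = 847_000  # dataset size stated in the setup section

# Constructed sample in the shape hyperfine writes with --export-json
# (times in seconds); these are not the project's raw results.
SAMPLE_HYPERFINE_JSON = json.dumps({"results": [{
    "command": "scanner-under-test (placeholder)",
    "times": [0.41, 0.39, 0.40, 0.42, 0.40, 0.38, 0.40, 0.41, 0.39, 0.40],
}]})

# Constructed sample of macOS `/usr/bin/time -l` output (peak RSS line).
SAMPLE_TIME_L = """\
        0.41 real         2.10 user         0.35 sys
            78643200  maximum resident set size
"""

def median_seconds(hyperfine_json, expected_runs=10):
    """Median wall-clock per command, recomputed from the raw per-run times."""
    out = {}
    for result in json.loads(hyperfine_json)["results"]:
        times = result["times"]
        # A short run list means the benchmark was interrupted or misconfigured.
        if len(times) != expected_runs:
            raise ValueError(f"{result['command']}: {len(times)} runs, expected {expected_runs}")
        out[result["command"]] = statistics.median(times)
    return out

def peak_rss_mb(time_l_output):
    """Peak RSS in MB from `/usr/bin/time -l` output (macOS reports bytes)."""
    m = re.search(r"^\s*(\d+)\s+maximum resident set size", time_l_output, re.M)
    if m is None:
        raise ValueError("no 'maximum resident set size' line found")
    return int(m.group(1)) / (1024 * 1024)

def files_per_second(median_s, file_count=FILE_COUNT):
    """Throughput as reported in the Files/sec column."""
    return file_count / median_s

if __name__ == "__main__":
    for cmd, med in median_seconds(SAMPLE_HYPERFINE_JSON).items():
        print(f"{cmd}: median {med:.2f}s, {files_per_second(med):,.0f} files/sec")
    print(f"peak RSS: {peak_rss_mb(SAMPLE_TIME_L):.0f} MB")
```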
// found an issue?
If the methodology has a hole or your environment gets different numbers, I want to know. Open an issue on the Flash-Audit-Core repo or email me directly.