ScanGap
Coverage audit · One charge, one report

$99, one report, every gap your scanner misses

No dashboard, no login, no monthly bill. The deliverable is a single audit report — one read, no follow-on tooling to babysit.

  • Curated patterns
  • $99 launch price
  • No charge today
gitleaks.toml · coverage diff · 8 missing
  • OpenAI · sk-proj-•••
  • Anthropic · sk-ant-api03-•••
  • Replicate · r8_•••
  • ElevenLabs · sk_•••
  • Cohere · co-•••
  • Mistral · •••mistral•••
  • Groq · gsk_•••
  • Hugging Face · hf_•••

Before audit: 0 of 8 covered, 8 missing

# your gitleaks.toml — current state
# 8 modern AI provider patterns NOT present.

[[rules]]
id          = "generic-api-key"
description = "Generic API Key"
regex       = '''(?i)api[_-]?key.{0,20}['"][A-Za-z0-9]{20,}['"]'''
# (no AI-provider-specific rules)


Coverage scope

Every audit checks all eight providers

8 / 8 providers · live coverage

These are the AI-provider key formats most likely to be leaking from a 2026 codebase — and the ones community scanner rule packs are slowest to refresh.

  • OpenAI · sk-proj- · 132 chars + T3BlbkFJ suffix · audited
  • Anthropic · sk-ant-api03- · 93 base64 chars + AA · audited
  • Replicate · r8_ · 37 alphanumeric chars · audited
  • ElevenLabs · sk_ · 48 hex chars · audited
  • Cohere · co- · 40 alphanumeric chars · audited
  • Mistral · ···.mistral · 32 chars + .mistral · audited
  • Groq · gsk_ · 52 alphanumeric chars · audited
  • Hugging Face · hf_ · 34 alphanumeric chars · audited


Why this audit, now

The gap your scanner doesn't flag is the one that hurts.

Reservations close the validation window. Lock in the $99 launch price now while it's a fixed line item — once the live checkout opens we won't reopen the reservation list.

gap 01

Every dev-tool sales call eats an hour and ends in a demo request.

gap 02

Approving a new SaaS subscription costs more engineering time than this audit costs in cash.

gap 03

You want a fixable, written record — not another login to a dashboard you will check twice.

What you receive

One charge, one deliverable, one inbox. No account to create, nothing recurring.

One charge, one PDF, no subscription — that's the post-launch contract. Coverage rules are curated from real provider docs and unit-tested before shipping, never LLM-generated regexes that false-positive on your CI.

01 · Diagnosis

A coverage score for every modern AI provider

We compare your scanner's active rules against eight current AI-provider key formats and produce a side-by-side coverage map. You see, in one diagram, which providers you cover and which you don't.

  • Side-by-side coverage map for all 8 providers
  • One coverage score (0–100), unambiguous
coverage map · diagnosis
  • OpenAI · 88% gap
  • Anthropic · 100% gap
  • Replicate · 65% gap
  • ElevenLabs · 82% gap
  • Cohere · 76% gap
  • Mistral · 92% gap
  • Groq · 100% gap
  • Hugging Face · 59% gap

coral = current gap · amber tick = where ScanGap rules would land

02 · Deliverable

A 2–3 page PDF, not a dashboard you'll forget about

The report will include the coverage score, the specific gaps we found, and the exact TOML/YAML rule snippets that close each one — copy-paste ready. No login, no dashboard, no recurring bill.

  • TOML / YAML / JSON rule snippets ready to paste
  • Signed PDF — attachable to any questionnaire
[Image: Preview of a ScanGap audit report: a coverage map of eight AI-provider rows with amber and moss indicators and coral missing-pattern tags, alongside a 62% coverage score donut and a Gitleaks rule snippet highlighted in amber.]
03 · Methodology

Curated patterns against a maintained checklist

Coverage rules are documented from each provider's real key format and unit-tested against live fixtures — not LLM-generated guesses. We use these keys ourselves, so missing patterns get caught against our own configs first.

  • Pattern set updated when vendors ship new formats
  • Every regex has a unit-tested fixture
[Image: Top-down hierarchical diagram of a key-pattern string fanning into multiple moss-green matched rule paths with one coral missed match.]
Curated, not generated

We use these keys ourselves. The library comes from reading provider docs and breaking our own keys — not from prompting an LLM.

You already know what happens when you ask GPT for “a regex matching OpenAI keys”: a confident-looking pattern that over-matches generic strings or misses the actual format. Every regex in our coverage library is documented from each provider's real key spec and unit-tested against a real fixture before it ships in your report.

  • providers documented
  • LLM-generated regexes: 0
  • fixtures unit-tested
Common questions

Honest answers to the questions we hear most.

Still on the fence? Drop your question in the waitlist form above — a real person replies, usually within a day.

Doesn't my AppSec firm handle this?

Almost certainly not between engagements. Annual penetration tests and security reviews don't refresh scanner rule packs as new providers ship new key formats. ScanGap is the gap between those reviews — a point-in-time coverage audit you can hand back to them, or staple to a questionnaire.

Isn't GitGuardian free?

GitGuardian's free tier is excellent at what it does, but its public detector library is community-maintained and frequently lags behind new provider formats (Anthropic's 2026 key prefix, OpenAI's project keys, Mistral and Groq's launches). We audit whatever scanner you already run — including GitGuardian — against a current AI-provider pattern set.

What if my scanner config doesn't have AI-key rules at all?

That's the most common finding. The audit lists every provider you're missing alongside the exact rule blocks for your scanner — Gitleaks TOML, Semgrep YAML, or TruffleHog JSON — so you can paste them straight into your existing config. Same scanner, same workflow, just complete coverage.

What scanners do you support?

Gitleaks, TruffleHog, Semgrep, and GitHub Secret Scanning (custom patterns). If you run something else, reserve with a note and we'll confirm whether your config is supported before the launch email goes out.

Why $99 and not a subscription?

Because the audit is a discrete deliverable, not a tool. One report, one paste, done — no login, no monthly bill, no dashboard to babysit. Continuous monitoring exists as a separate $99/mo tier you can opt into on the reservation form if you'd rather subscribe than re-audit.

When does this launch?

ScanGap is in a 7-day private validation window right now. If reservations clear the threshold we set internally, we build the parser, pattern library, and automated report generator across the following two weeks — so the live checkout email lands ~2–3 weeks after you reserve. If we decide not to build, you get one short email saying so and your reservation is closed out. No card is taken either way until the live product ships.

Am I being charged today?

No. Reserving puts your work email on the launch list at the $99 price and fires a single intent signal we use to decide whether to build. No payment method is collected on this site. The first time a card is involved is the live checkout email we send when the audit goes live.

Ready when you are

$99, one report, every gap your scanner misses

One charge, one deliverable, one inbox. No account to create, nothing recurring.


Private validation: ScanGap is in a 7-day demand test. No card is taken. We email each reservation once with the live checkout when the audit ships — or once with a short note if we decide not to build it.