Stop Credentials BeforeThey Leave Your Machine

Pre-commit credential scanner with AI-powered pattern learning. Catch secrets instantly, learn from your codebase, protect your team.

Get Started View Installation

See It In Action

Real-time credential detection before your commit

terminal — continum

$ git commit -m "add stripe integration"

Continum — scanning 2 files...

❌ BLOCKED

apps/api/src/config.ts (line 14)

──────────────────────────────────

Type: STRIPE_LIVE_KEY

Found: sk_live_••••••••••••••••

Severity: CRITICAL

Fix these before committing.

Two-Layer Protection

Instant local scanning combined with intelligent cloud analysis

Layer 1: Local Scanner

Instant regex-based pattern matching runs in milliseconds before your commit.

✓Catches AWS keys, API tokens, database credentials
✓Zero latency - runs offline
✓Blocks commit immediately if violations found

Layer 2: Sandbox Audit

Background AI analysis catches context-dependent violations after commit.

✓Detects generic API keys with no known pattern
✓Finds inferred PII and business-specific data
✓Fire-and-forget - doesn't block your workflow

Pattern Learning

Gets Smarter With Every Commit

When the CLI detects a potential credential with no known pattern, it prompts you to approve it. The pattern is saved to your Continum account and syncs across your entire team.

CLI Detects Unknown Pattern

High-entropy string in suspicious context

Developer Approves in Terminal

One-time approval with description and severity

Pattern Syncs to Team

All team members catch it locally on next scan

Pattern Approval

⚠️ POSSIBLE CREDENTIAL DETECTED

Type: UNKNOWN_PATTERN (HIGH confidence)

Found: acme_prod_••••••••••

Pattern: acme_prod_[a-z0-9]{16}

This looks like a credential, but it's not in our pattern library.

[a]

Approve pattern and block

Choice: a

✓ Pattern saved to your library

Built for Developer Teams

Zero Instrumentation

Works on any codebase in any language. No SDK, no code changes, just install and protect.

Team-Wide Enforcement

Config file in repo ensures every developer has the same rules. Auto-install via postinstall script.

Comprehensive Coverage

Built-in patterns for AWS, Stripe, GitHub, OpenAI, Anthropic, databases, and more.

Get Started in 60 Seconds

Install, login, and protect your codebase

Install the CLI

npm install -g @continum/cli

Login to Continum

continum login

Opens your browser for secure authentication. Sign in once and you're ready to go.

Initialize in your project

cd your-project
continum init

Creates config file and installs pre-commit hook.

✓

That's it!

Every commit will now be scanned automatically. Violations are caught before they leave your machine.

Team-Wide Auto-Install

Add to your package.json to automatically install for all developers:

{
  "scripts": {
    "postinstall": "continum init --silent"
  }
}

Ready to Protect Your Codebase?

Join teams using Continum CLI to prevent credential leaks

Get Started Free View on GitHub