Smart Secrets Scanner - GGUF Model
Version: 1.0.0
Date: 2025-11-02
Lineage Steward: richfrem
Architect: Richard Fremmerlid
Base Model: Meta-Llama-3.1-8B-Instruct
Forge Environment: WSL2 Ubuntu / CUDA 13.0 / torch 2.4.0+cu121

Overview
Smart Secrets Scanner is a fine-tuned Llama 3.1 8B model specialized in detecting accidentally hardcoded secrets and credentials in source code. This model helps developers and security teams identify potential security vulnerabilities before code is committed to version control.
This edition merges the complete Smart Secrets Scanner LoRA into the base model, then quantizes the result to GGUF (q4_k_m) for universal inference compatibility via Ollama and llama.cpp.
Part of the open-source Smart Secrets Scanner GitHub repository, documenting the complete ML deployment pipeline.
This project fine-tunes Meta Llama 3.1 (8B) using LoRA/QLoRA to detect accidental hardcoded secrets (API keys, tokens, passwords, etc.) in source code. It uses the BC Gov ML-Env-CUDA13 WSL/conda environment for GPU-accelerated training and deterministic inference.
The repository provides a reproducible pipeline and scripts to prepare JSONL datasets, train adapters, merge and export models (GGUF), run evaluations, and deploy to runtimes such as Ollama or Hugging Face. This project is primarily an example and experimentation platform for CUDA-accelerated fine-tuning; it is not intended to replace production secret-scanning products (for example, Snyk).
Purpose: demonstrate GPU-accelerated fine-tuning and provide reproducible tools and tests for model export and deployment while following BC Gov licensing and governance guidance.
Important: this repository is a demonstration and research project. The embedded "Smart Secrets Scanner" examples are intended for experimentation and testing of CUDA-accelerated fine-tuning only. They are not a production-grade secret-scanning solution and must not be used as a replacement for established commercial or enterprise secret-scanning tools (for example, Snyk or Wiz). Use this project to learn and validate model workflows, and rely on proven scanning products for operational security.
Artifacts Produced
| Type | Artifact | Description |
|---|---|---|
| LoRA Adapter | Smart Secrets Scanner LoRA | Fine-tuned LoRA deltas (r = 16, gradient-checkpointed) |
| GGUF Model | smart-secrets-scanner-gguf | Fully merged + quantized model (Ollama-ready q4_k_m) |
| Canonical Modelfile | Modelfile | Defines chat template + security-focused system prompt |
Technical Provenance
Built using Unsloth, transformers, torch, and llama.cpp (GGUF converter) on a CUDA-enabled GPU.
Pipeline ("Smart Secrets Forge")
- Data Preparation: Create JSONL training data with secrets + safe patterns
- Fine-tuning: Train LoRA adapter on security detection tasks
- Merge: Combine LoRA with base model
- Quantize: Convert to GGUF (q4_k_m) for efficient inference
- Deploy: Push to Hugging Face + Ollama integration
Deployment Guide (Ollama / llama.cpp)
Option A: Local Ollama Deployment
```bash
# Download from Hugging Face
ollama create smart-secrets-scanner -f ./Modelfile
ollama run smart-secrets-scanner
```
Option B: Direct Pull (from Hugging Face)
```bash
ollama run richfrem/smart-secrets-scanner-gguf
```
The Modelfile embeds security-focused prompts optimized for secret detection.
Intended Use
| Category | Description |
|---|---|
| Primary Purpose | Detect hardcoded secrets in source code (API keys, passwords, tokens) |
| Recommended Interfaces | Ollama CLI, LM Studio, llama.cpp API, pre-commit hooks |
| Security Goal | Zero false negatives (catch all secrets) with acceptable false positives |
| Context Length | 8192 tokens |
| Quantization | q4_k_m (optimal balance speed ↔ accuracy) |
Performance Metrics
Tested on 20 diverse code snippets containing both secrets and safe patterns:
| Metric | Score |
|---|---|
| Recall | 100% |
| Precision | 50% |
| F1 Score | 66.7% |
| Accuracy | 50% |
Confusion Matrix:
- True Positives: 10 (correctly detected secrets)
- False Positives: 10 (safe code flagged as suspicious)
- False Negatives: 0 (no missed secrets)
- True Negatives: 0 (conservative security approach)
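The reported scores can be recomputed from the confusion matrix above. This added example (not part of the original model card or its repository) does that and also scores a constructed flag-everything baseline over the same 10 secret / 10 safe split, which reaches identical numbers because the matrix contains no true negatives. Specificity is an extra metric the page does not report.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Confusion:
    tp: int
    fp: int
    fn: int
    tn: int

    @staticmethod
    def _ratio(num: int, den: int) -> float:
        # An empty denominator means the metric is undefined; report 0.0.
        return num / den if den else 0.0

    def metrics(self) -> dict:
        recall = self._ratio(self.tp, self.tp + self.fn)
        precision = self._ratio(self.tp, self.tp + self.fp)
        f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
        total = self.tp + self.fp + self.fn + self.tn
        return {
            "recall": round(recall, 3),
            "precision": round(precision, 3),
            "f1": round(f1, 3),
            "accuracy": round(self._ratio(self.tp + self.tn, total), 3),
            # Specificity is not reported on the page; added here.
            "specificity": round(self._ratio(self.tn, self.tn + self.fp), 3),
        }


def evaluate(labels, predictions) -> Confusion:
    """Tally a confusion matrix; True means 'contains a secret' / 'flagged'."""
    pairs = list(zip(labels, predictions))
    return Confusion(
        tp=sum(1 for y, p in pairs if y and p),
        fp=sum(1 for y, p in pairs if not y and p),
        fn=sum(1 for y, p in pairs if y and not p),
        tn=sum(1 for y, p in pairs if not y and not p),
    )


# Matrix as reported in the model card.
REPORTED = Confusion(tp=10, fp=10, fn=0, tn=0)

# Constructed labels with the same class balance (10 secret, 10 safe),
# scored against a baseline that flags every snippet without reading it.
LABELS = [True] * 10 + [False] * 10
BASELINE = evaluate(LABELS, [True] * len(LABELS))

if __name__ == "__main__":
    print("reported:", REPORTED.metrics())
    print("flag-everything baseline:", BASELINE.metrics())
    print("identical:", REPORTED == BASELINE)
```

An evaluation set on which some safe snippets are correctly passed (true negatives above zero) is needed before the recall figure distinguishes the model from this baseline.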
License & Attribution
Released under Creative Commons Attribution 4.0 International (CC BY 4.0).
You may remix, adapt, or commercialize this model provided that credit is given to "Richard Fremmerlid / Smart Secrets Scanner."
Include this credit when redistributing:
Derived from Smart Secrets Scanner (© 2025 Richard Fremmerlid)
Licensed under CC BY 4.0
Lineage Integrity
- Base Model: Meta-Llama-3.1-8B-Instruct
- Fine-tuning Framework: Unsloth FastLanguageModel + PEFT
- Dataset: Smart Secrets Scanner JSONL (72 examples)
- Training: LoRA r = 16, focused on security detection
- Merge Strategy: bf16 → GGUF (q4_k_m)
- Verifier: Richard Fremmerlid
Full technical documentation and deployment guides are available in the Smart Secrets Scanner GitHub Repository.
Security Statement
"Security is not just about finding secrets - it's about never missing them." - Smart Secrets Scanner
This model prioritizes recall over precision to ensure no hardcoded secrets slip through. While it may flag some safe patterns, the security-first approach prevents accidental data breaches.
README v1.0.0 - Public Release for Smart Secrets Scanner. Generated 2025-11-02 by Richard Fremmerlid.