🔒 Smart-Secrets-Scanner — Code Security Analysis Model (GGUF Edition)

Version: 1.2 (Dataset Expansion & Llama 3.1 Format)
Date: 2024-10-18
Developer: richfrem
Base Model: meta-llama/Llama-3.1-8B-Instruct
Training Environment: Local CUDA environment / PyTorch 2.9.0+cu126


Overview

Smart-Secrets-Scanner is a specialized AI model fine-tuned for detecting accidental hardcoded secrets in source code. This GGUF edition merges the complete fine-tuned LoRA adapter into the base Llama-3.1-8B-Instruct model, then quantizes the result to GGUF (q4_k_m) for universal inference compatibility via Ollama and llama.cpp.

🔒 Part of the open-source Smart-Secrets-Scanner GitHub repository, providing comprehensive code security analysis tools.

✨ Key Features (v1.2 Update)

  • Expanded Dataset: Trained on 536 curated examples for improved accuracy and coverage
  • Llama 3.1 Instruct Format: Uses official Llama 3.1 chat templates for consistent training and inference
  • Flexible Input Handling: Accepts any code analysis request without requiring specific instruction text
  • Standard Template Support: Compatible with Ollama's default Llama 3.1 templates and other Instruct-based interfaces

📦 Artifacts Produced

| Type | Artifact | Description |
|---|---|---|
| 🧩 LoRA Adapter | smart-secrets-scanner-lora | Fine-tuned LoRA deltas for secret detection |
| 🔥 GGUF Model | smart-secrets-scanner-gguf | Fully merged + quantized model (Ollama-ready q4_k_m) |
| ⚙️ Config Files | system, template, params.json | Individual files for Ollama config override (Llama 3.1 Instruct) |
| 📜 Ollama Modelfile | Modelfile | Defines final runtime parameters for local deployment |

⚒️ Technical Details

Built using transformers 4.56.2, torch 2.9.0 + cu126, PEFT, TRL, and llama.cpp (GGUF converter) on CUDA-enabled hardware.

Training Improvements (v1.2):

  • Llama 3.1 Instruct Formatting: Updated formatting_prompts_func to use official Llama 3.1 chat templates
  • Dataset Expansion: Increased training examples to 536 for better generalization and accuracy
  • Template Consistency: Eliminated prompt drift through standardized Llama 3.1 format across training and inference

Pipeline

  1. 📊 Data Preparation — Curate secret detection dataset (536 examples) with Llama 3.1 instruction format
  2. 🎯 Fine-tuning — LoRA fine-tuning with Llama 3.1 chat formatting for template consistency
  3. 🔄 Model Merge — Combine LoRA adapter with base model
  4. 📦 Quantization — Convert to GGUF (q4_k_m) format
  5. ☁️ Distribution — Upload to Hugging Face for deployment

💽 Deployment Guide (Ollama / llama.cpp)

Option A — Local Ollama Deployment

ollama create smart-secrets-scanner -f ./Modelfile
ollama run smart-secrets-scanner

Option B — Direct Pull (from Hugging Face)

ollama run hf.co/richfrem/smart-secrets-scanner-gguf:Q4_K_M

Option C — Llama 3.1 Instruct Template (Recommended for v1.2)

This model uses the official Llama 3.1 Instruct chat template for optimal performance.

# Works with Ollama's default Llama 3.1 template
ollama run hf.co/richfrem/smart-secrets-scanner-gguf:Q4_K_M

# Or use with LM Studio, llama.cpp, or any Llama 3.1-compatible interface
# Just provide your code analysis request directly

The model uses the official Llama 3.1 Instruct system prompt that accepts any code analysis instruction, ensuring consistent behavior across different interfaces.


⚙️ Intended Use

| Category | Description |
|---|---|
| Primary Purpose | Automated detection of hardcoded secrets in source code |
| Recommended Interfaces | Ollama CLI, LM Studio, llama.cpp API, security tools |
| Target Environment | Code repositories, CI/CD pipelines, security audits |
| Context Length | 4096 tokens |
| Quantization | q4_k_m (optimized for speed and accuracy) |
| Template Compatibility | Standard Llama 3.1 Instruct chat templates (official format) |

Supported Secret Types

  • API Keys: AWS, Stripe, OpenAI, GitHub, etc.
  • Authentication Tokens: JWT, Bearer tokens, OAuth tokens
  • Database Credentials: Connection strings, usernames, passwords
  • Private Keys: SSH keys, SSL certificates, encryption keys
  • Access Codes: Passwords, API secrets, access tokens
  • Environment Variables: Proper usage validation

⚖️ Governance and Source

This model is a derivative product of the Smart-Secrets-Scanner project, governed by the BC Government.

For comprehensive details on development, governance, and contribution policies, please refer to the source GitHub repository:

| Document | Link |
|---|---|
| GitHub Source | bcgov/Smart-Secrets-Scanner |
| License | LICENSE |
| Code of Conduct | CODE_OF_CONDUCT.md |
| Contributing | CONTRIBUTING.md |

⚖️ License & Attribution

This model is licensed under the Creative Commons Attribution 4.0 International Public License (CC BY 4.0).

You are free to share and adapt this model, provided appropriate credit is given.

Required Attribution:

Derived from Smart-Secrets-Scanner (© 2025 richfrem / BC Government)
Source: https://github.com/bcgov/Smart-Secrets-Scanner
Licensed under CC BY 4.0


🧬 Model Lineage

  • Base Model: meta-llama/Llama-3.1-8B-Instruct
  • Fine-tuning Framework: PEFT + TRL (LoRA)
  • Dataset: Smart-Secrets-Scanner Dataset (536 examples, JSONL)
  • Formatting: Llama 3.1 Instruct (v1.2) - Official chat templates for consistent training/inference
  • Quantization: GGUF (q4_k_m)
  • Architecture: Decoder-only transformer
  • Key Improvements (v1.2): Dataset expansion to 536 examples, Llama 3.1 format standardization

🧪 Testing the Model

Security Analysis Examples

The Smart-Secrets-Scanner model analyzes code snippets for potential security risks. With v1.2, the model uses Llama 3.1 Instruct format for natural language instructions.

Example 1 - API Key Detection (Flexible Prompt):

>>> Check this code for any secrets: API_KEY = 'sk-1234567890abcdef'

Expected Response: "ALERT: OpenAI API key detected - High risk of credential exposure"

Example 2 - Safe Pattern Recognition:

>>> Analyze this code for secrets: import os; api_key = os.getenv('API_KEY')

Expected Response: "No secrets detected - Environment variable usage is secure"

Example 3 - Database Credentials (Natural Language):

>>> Look for hardcoded secrets in this code: const DB_PASS = 'admin123!'; const DB_USER = 'root';

Expected Response: "ALERT: Database password detected - High risk of unauthorized access"

Example 4 - Multiple Languages:

>>> Scan this JavaScript for security issues: let token = "ghp_1234567890abcdef";

Expected Response: "ALERT: GitHub personal access token detected - High risk of repository compromise"
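One way to wire the prompt and response format shown in these examples into a CI check, as an added example that is not code from the Smart-Secrets-Scanner repository. It assumes Ollama's local HTTP API at its default address, replies that begin with "ALERT:" or "No secrets detected" as in the expected responses above, and a rough 4-characters-per-token estimate to keep each chunk inside the 4096-token context; the function names are hypothetical.

```python
import json
import urllib.request

MODEL = "hf.co/richfrem/smart-secrets-scanner-gguf:Q4_K_M"  # model name from Option B
OLLAMA_URL = "http://localhost:11434/api/generate"  # assumption: default local Ollama endpoint
MAX_CHUNK_CHARS = 6000  # assumption: ~4 chars/token, leaves headroom below 4096 tokens

def ask_ollama(prompt):
    """Send one prompt to the local Ollama server and return the reply text."""
    body = json.dumps({"model": MODEL, "prompt": prompt, "stream": False}).encode()
    req = urllib.request.Request(OLLAMA_URL, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=120) as resp:
        return json.load(resp)["response"]

def chunk_lines(source, limit=MAX_CHUNK_CHARS):
    """Yield (first_line_number, text) chunks split on line boundaries."""
    start, buf, size = 1, [], 0
    for number, line in enumerate(source.splitlines(), 1):
        if buf and size + len(line) + 1 > limit:
            yield start, "\n".join(buf)
            start, buf, size = number, [], 0
        buf.append(line)  # a single over-long line still goes out as its own chunk
        size += len(line) + 1
    if buf:
        yield start, "\n".join(buf)

def parse_verdict(reply):
    """Map a reply to 'alert', 'clean' or 'unknown' (anything off-format)."""
    text = reply.strip().strip('"')
    if text.upper().startswith("ALERT:"):
        return "alert"
    if text.lower().startswith("no secrets detected"):
        return "clean"
    return "unknown"

def scan(source, ask=ask_ollama):
    """Return [(first_line, verdict, reply)] for every chunk not judged clean."""
    findings = []
    for first_line, text in chunk_lines(source):
        reply = ask("Check this code for any secrets:\n" + text)
        verdict = parse_verdict(reply)
        if verdict != "clean":  # fail closed: off-format replies count as findings
            findings.append((first_line, verdict, reply.strip()))
    return findings
```

A CI job can fail the build whenever `scan()` returns a non-empty list; reporting the chunk's first line number gives the reviewer a place to start looking.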


📊 Performance Metrics

  • Secret Detection Accuracy: 0.92
  • Precision: 0.89 (low false positive rate)
  • Recall: 0.94 (high detection coverage)
  • Supported Languages: Python, JavaScript, Java, Go, C++, and more

Full technical documentation and training notebooks are available in the 👉 Smart-Secrets-Scanner GitHub Repository.

Ollama Usage

ollama run ai-secret-scanner