Engineering Release Notes
Eliminating credential leaks at the commit stage.
Statically compiled in Go with zero external runtime dependencies, Crenox runs validation scans in sub-20ms to secure staged files before they leave the developer workstation.
Published by Khaled Hani on July 3, 2026
07 / Engineering Blog
Technical insights & system logs
Articles written by the developers covering the design, optimization, and security philosophy of Crenox.
JULY 13, 2026
How version 2.0.7 introduces an 8 MB chunk-streaming ScanReader coupled with a global sync.Pool buffer cache. This limits absolute memory footprint to concurrent CPU worker counts, preventing heap allocation buildup and dropping peak RSS by up to 13x.
JULY 7, 2026
How version 2.0.5 implements a flat, contiguous, integer-indexed DFA table for Aho-Corasick matching. This reduces the Trie's active memory to 500 KB, bringing absolute peak RSS down to Go runtime limits (~11 MB) with zero scan heap allocations.
JULY 3, 2026
How version 2.0.4 achieves a 27% memory footprint reduction (RSS) by compiling user-defined signatures directly into the search trie transitions, removing runtime regex parsing overhead.
JUNE 28, 2026
Why remote repository scanning is too late. A study on the rotation window of exposed cloud credentials and why preventing the commit locally is the only zero-exposure security posture.