Back to Home
Documentation

KAIKI Documentation

Everything you need to set up, configure, and get the most out of KAIKI's AI-powered code security scanning.

Getting Started

Set up KAIKI and run your first scan in minutes.

How Scanning Works

Understand the AI-powered scanning pipeline.

Secret Patterns

50+ secret patterns we detect automatically.

API Reference

Integrate KAIKI into your workflow programmatically.

Getting Started

1

Create an Account

Sign up at kaiki.dev and choose your plan. The Pro plan starts at $10/month and includes 50 scans.

2

Connect Your GitHub

Authorize KAIKI to access your GitHub repositories via OAuth. We request read-only access to your code — we never modify your repositories.

Permissions required:repo:readcontents:read
3

Select a Repository

Choose any repository from your connected GitHub account. KAIKI will fetch the repository contents and prepare them for analysis.

4

Run Your First Scan

Hit the scan button and let KAIKI's AI analyze your codebase. Results typically appear within seconds, depending on repository size.

Scan Output
Fetching repository contents...
Found 234 files to analyze
Running KAIKI Alpha AI analysis...
CRITICAL: AWS_SECRET_ACCESS_KEY found in config/aws.js:18
! HIGH: .env file committed with database credentials
Scan complete — 2 issues found

How Scanning Works

KAIKI uses a multi-layer approach combining pattern matching with AI-powered contextual analysis.

Layer 1

Pattern Matching

High-speed regex-based scanning against 50+ known secret patterns. Catches common API keys, tokens, and credentials in milliseconds.

Layer 2

AI Contextual Analysis

KAIKI Alpha-powered LLM analyzes code context to assess whether flagged patterns are real secrets or false positives (test data, examples, etc).

Layer 3

Risk Assessment

Each finding is assigned a severity score (Critical, High, Medium, Low) with AI-generated remediation suggestions.

Supported Secret Patterns

KAIKI detects 50+ secret patterns across major cloud providers, payment services, databases, and more.

Cloud Providers

  • AWS Access Key ID
  • AWS Secret Access Key
  • Google Cloud API Key
  • Azure Storage Key
  • DigitalOcean Token

Payment & Finance

  • Stripe Secret Key
  • Stripe Publishable Key
  • PayPal Client Secret
  • Square Access Token

Communication

  • Twilio Auth Token
  • SendGrid API Key
  • Slack Webhook URL
  • Discord Bot Token
  • Mailgun API Key

Database & Storage

  • MongoDB Connection String
  • PostgreSQL Connection URI
  • Redis AUTH Password
  • Firebase Config

Version Control

  • GitHub Personal Access Token
  • GitLab Private Token
  • Bitbucket App Password

AI & ML Services

  • OpenAI API Key
  • Anthropic API Key
  • Hugging Face Token
  • KAIKI Alpha API Key

API Reference

Integrate KAIKI scanning into your CI/CD pipeline or custom tooling via our REST API.

POST/api/scan

Trigger a new scan for a GitHub repository. Returns scan results including detected secrets and severity levels.

Request Example
curl -X POST https://kaiki.dev/api/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "repo": "username/repository",
    "branch": "main"
  }'
GET/api/github

List available repositories from the authenticated GitHub account.

Response

Response Example
{
  "repos": [
    {
      "name": "my-project",
      "full_name": "user/my-project",
      "private": false,
      "language": "TypeScript"
    }
  ]
}

Severity Levels

Critical

Active production secrets directly exposed. Immediate rotation required.

Example: AWS Access Key in committed code

High

Sensitive credentials or configuration files that could be exploited.

Example: .env file with database credentials

Medium

Potentially sensitive values that may not be active but should be investigated.

Example: Hardcoded internal API endpoint

Low

Informational findings and best practice recommendations.

Example: Missing .gitignore entry for .env

Limits & Quotas

FeaturePro ($10/mo)Max ($49/mo)Enterprise
Scans / month50UnlimitedUnlimited
Files per scan50500Unlimited
Token context100k500kCustom
Private repos
CI/CD integration
PDF reports
Team management
SSO / SAML

Frequently Asked Questions

No. KAIKI processes your code in real-time during the scan and does not persist your source code after analysis. Only scan results and metadata are stored for your dashboard.

KAIKI is language-agnostic. It scans for secret patterns across all file types including JavaScript, TypeScript, Python, Go, Ruby, Java, C#, PHP, Rust, configuration files (YAML, JSON, TOML), and environment files.

Yes, with the Max tier and above. The Pro tier supports public GitHub repositories. Private repo scanning is available on Max and Enterprise plans.

KAIKI uses KAIKI Alpha-powered large language models to analyze code context, reducing false positives significantly compared to regex-only scanners. The AI understands code structure and can distinguish between actual secrets and test values.

KAIKI flags the finding with a severity level (Critical, High, Medium, Low), provides the exact file and line number, and generates AI-powered remediation suggestions to help you fix the issue quickly.

Pro tier includes 50 scans/month with 50 files per scan. Max tier offers unlimited scans with 500 files per scan. Enterprise plans have no limits.

Ready to secure your code?

Start scanning with KAIKI today. Set up takes less than 2 minutes.

Get Started