February 8, 2026
Ninja tool or noise killer?
Show HN: Kekkai – Interactive security triage in the terminal
HN tries Kekkai: a terminal sidekick to calm chaotic security alerts
TLDR: Kekkai unifies results from popular security scanners and lets developers triage alerts quickly in the terminal. The crowd applauded the focus on triage but pressed for more context during reviews, debating whether a keyboard-driven UI beats IDE or pull request workflows for everyday cleanup.
Meet Kekkai, the open-source command-line sidekick promising to wrangle messy security alerts into one clean, reviewable list. It wraps popular scanners (Trivy for dependencies, Semgrep for code patterns, Gitleaks for secrets), runs them in locked-down containers, and gives you a keyboard-only terminal UI to mark false alarms, set failure levels for continuous integration (CI), and keep work local-first—no signups, no SaaS. You can poke it yourself via the repo.
On Hacker News, the loudest chorus: triage is the real problem, not running the tools. Folks cheered the Apache license and Python/Textual stack as approachable. The spiciest question: when Semgrep flags a murky case—like a SQL query that looks safe but builds an ORDER BY elsewhere—does Kekkai show enough context, or do you still have to jump back into the code? Some want deep links, persistent baselines, and smoother pull request workflows; others are thrilled by the no-mouse, fast-review vibe.
Drama alert: skeptics called it “yet another wrapper,” while fans hailed it as the missing bouncer for noisy CI pipelines. Meme corner lit up over the rename from “Hokage” (anime jokes galore) and the fact that “kekkai” means “barrier”—pretty on-brand for guarding repos. Mood check: cautiously hyped, very tired of false positives, ready to try it.
Key Points
- Kekkai is an open-source CLI that wraps Trivy, Semgrep, and Gitleaks for interactive security triage.
- It normalizes scanner outputs into a single format and offers a keyboard-driven terminal UI to review and mark findings.
- Scanners run in isolated, read-only, no-network Docker containers, emphasizing a local-first design.
- Features include `.kekkaiignore` for false positives and a CI mode with severity-based failure thresholds.
- Planned enhancements include persistent triage baselines and improved PR-level workflows; repo is available on GitHub.
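To make the normalize-then-triage idea concrete, here is an added illustration (not Kekkai's own code or its real ignore-file format) that flattens Trivy, Semgrep and Gitleaks JSON into one record shape, drops findings listed in an ignore file, and decides whether a CI run should fail at a chosen severity. The JSON shapes are approximations of each tool's output, and the sample documents, rule names and CVE placeholder are constructed.

```python
from dataclasses import dataclass

# Unified severity scale; scanner-specific labels are mapped onto it below.
LEVELS = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
SEMGREP_MAP = {"INFO": "LOW", "WARNING": "MEDIUM", "ERROR": "HIGH"}

@dataclass(frozen=True)
class Finding:
    tool: str
    rule: str
    location: str  # "path:line" style, used as the ignore key
    severity: str

def normalize(tool, doc):
    """Flatten one scanner's JSON (shape assumed, see lead-in) into Finding records."""
    out = []
    if tool == "trivy":
        for res in doc.get("Results", []):
            for v in res.get("Vulnerabilities") or []:
                out.append(Finding("trivy", v["VulnerabilityID"], res["Target"], v["Severity"].upper()))
    elif tool == "semgrep":
        for r in doc.get("results", []):
            sev = SEMGREP_MAP.get(r["extra"]["severity"].upper(), "MEDIUM")
            out.append(Finding("semgrep", r["check_id"], f'{r["path"]}:{r["start"]["line"]}', sev))
    elif tool == "gitleaks":
        # Gitleaks emits a bare JSON array; every leaked secret is treated as CRITICAL.
        for r in doc:
            out.append(Finding("gitleaks", r["RuleID"], f'{r["File"]}:{r["StartLine"]}', "CRITICAL"))
    return out

def triage(findings, ignore_lines, fail_on="HIGH"):
    """Drop findings listed as 'tool rule location' in the ignore file, then apply the threshold."""
    ignored = {tuple(l.split()) for l in ignore_lines if l.strip() and not l.startswith("#")}
    kept = [f for f in findings if (f.tool, f.rule, f.location) not in ignored]
    failing = [f for f in kept if LEVELS[f.severity] >= LEVELS[fail_on]]
    return kept, failing

# Constructed sample outputs (placeholder identifiers, not real vulnerabilities).
TRIVY = {"Results": [{"Target": "requirements.txt", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-PLACEHOLDER", "PkgName": "examplepkg", "Severity": "high"}]}]}
SEMGREP = {"results": [{"check_id": "python.sqli.example", "path": "app/db.py",
    "start": {"line": 42}, "extra": {"severity": "WARNING", "message": "possible injection"}}]}
GITLEAKS = [{"RuleID": "generic-api-key", "File": "config.py", "StartLine": 7}]
IGNORE = ["# reviewed: the ORDER BY column is allow-listed", "semgrep python.sqli.example app/db.py:42"]

def run(fail_on="HIGH"):
    # Returns (findings left after ignores, tools whose findings breach the threshold).
    findings = normalize("trivy", TRIVY) + normalize("semgrep", SEMGREP) + normalize("gitleaks", GITLEAKS)
    kept, failing = triage(findings, IGNORE, fail_on)
    return len(kept), sorted(f.tool for f in failing)
```

Raising the threshold to CRITICAL keeps the same reviewed list but lets only the leaked secret break the build, which is the knob the CI mode described above exposes.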