A security scanner as fast as a linter – written in Rust

Summary

Sub-second local security scanning for real codebases. 100+ built-in rules · 10 languages · single Rust binary · Semgrep-compatible YAML bridge foxguard.dev · npm · crates.io A PwnKit Labs product. Security scanners are slow. 10 seconds, 30 seconds, sometimes a minute. So developers don't run them locally — they get pushed to CI, findings pile up in PRs, and nobody looks at them. foxguard fixes this by being fast enough that you never notice it's there. Same scan, 0.03 seconds instead of 10. You can run it on every save, every commit, every push. Security feedback becomes instant. src/auth/login.js 14:5 CRITICAL js/no-sql-injection (CWE-89) SQL query built with template literal interpolation src/utils/config.py 7:1 HIGH py/no-hardcoded-secret (CWE-798) Hardcoded secret in 'api_key' WARNING 2 issues in 5 files (0.03s): 1 critical, 1 high, 0 medium, 0 low Fast enough to leave on. foxguard is built for local runs, pre-commit hooks, and changed-file scans instead of “security later in CI”. Useful before you tune anything. The default value is built-in framework-aware rules for common real-world mistakes across JavaScript, Python, Go, Ruby, Java, PHP, Rust, C#, and Swift. Adoption-friendly. If you already have Semgrep/OpenGrep YAML, foxguard can load a focused compatible subset on top of built-ins so migration is incremental instead of all-or-nothing. npx foxguard . # scan the repo npx foxguard --changed . # only modified files npx foxguard secrets . # leaked credentials and private keys npx foxguard init # install a local pre-commit hook Rust + tree-sitter for AST parsing + rayon for parallelism. No JVM startup, no Python interpreter, no network calls, no rule download step. Just a native binary that reads your files and reports findings. 100+ built-in rules across 10 languages. SQL injection, XSS, SSRF, command injection, hardcoded secrets, weak crypto, unsafe deserialization, log injection, and framework-specific checks for Express, Django, Rails, Spring, Laravel, Gin...