Open Source · Free Forever

Security scanning before every commit

Guardian is a fast, local pre-commit hook that catches CVEs, leaked secrets, and code vulnerabilities — in milliseconds, before they hit your repo.

$ git commit -m "add payment integration"

Running Guardian pre-commit checks...

Secrets scan — 23 files checked, 0 secrets found

OSV CVE scan — go.mod scanned, 0 vulnerabilities

AI SAST — Claude Haiku analysing diff...

✗ CRITICAL: SQL injection risk in payment.go:47

Raw user input passed to db.Query() without parameterisation

Commit blocked. Fix the issue above and try again.

Why Guardian

Catch issues at the source

Not after a PR review. Not in CI. Before the commit is even made.

OSV Dependency Scanning

Checks go.mod, package.json, requirements.txt, and Gemfile.lock against the Google OSV database in real-time.

Secret Detection

15+ regex patterns covering AWS keys, GitHub tokens, Stripe secrets, JWTs, connection strings, and more. Blocks the commit instantly.

AI-Powered SAST

Sends your staged diff to Claude Haiku for code-level analysis — SQL injection, XSS, path traversal, hardcoded creds. Real intelligence, not just patterns.

Millisecond Performance

Written in Go. Runs in the background of your git workflow. No Docker, no JVM, no waiting. Just fast.

Fully Local

No code leaves your machine except the staged diff to Claude (opt-in). No SaaS platform, no account needed, no monthly fee.

Granular Control

Run all checks or skip individual ones. CI-friendly with --no-color. Exit codes compatible with any pipeline.

Up in 30 seconds

# Install Guardian

go install github.com/bobbydeveaux/guardian/app/cmd/guardian@latest

# Set your Anthropic API key (for AI SAST — optional)

export ANTHROPIC_API_KEY=sk-ant-...

# Install as a pre-commit hook in your repo

guardian install

# That's it. Every commit is now scanned automatically.

What it checks

Comprehensive coverage

| Check | What it finds | Data sources | Type |
|---|---|---|---|
| 📦 OSV CVE Scan | Known vulnerabilities in Go, npm, PyPI, RubyGems dependencies | Google OSV API | Local + API |
| 🔑 Secrets Detection | AWS keys, GitHub tokens, Stripe, Twilio, JWT, connection strings, generic passwords, 15+ patterns | Regex patterns | 100% Local |
| 🧠 AI SAST | SQL injection, XSS, path traversal, command injection, auth bypass, hardcoded secrets in logic | Claude Haiku | Diff sent to API |
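
To illustrate the regex-based secrets check on a staged diff, here is an added example (not Guardian's own code or rule set). It scans only the added lines of a git unified diff and reports the new-file line number. The two patterns, the names `scanDiff` and `sampleDiff`, and the sample diff are assumptions constructed for this illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Illustrative patterns only (assumption: not Guardian's actual rule set).
var rules = map[string]*regexp.Regexp{
	"aws-access-key-id": regexp.MustCompile(`\b(AKIA|ASIA)[0-9A-Z]{16}\b`),
	"github-token":      regexp.MustCompile(`\bgh[pousr]_[A-Za-z0-9]{36,}\b`),
}
var hunkRe = regexp.MustCompile(`^@@ -\d+(?:,\d+)? \+(\d+)`)

// scanDiff scans only added ("+") lines of a git diff; returns "file:line rule".
func scanDiff(diff string) []string {
	var out []string
	file, line, inHunk := "", 0, false
	for _, l := range strings.Split(diff, "\n") {
		switch m := hunkRe.FindStringSubmatch(l); {
		case strings.HasPrefix(l, "diff --git "):
			inHunk = false // file headers follow until the next @@
		case !inHunk && strings.HasPrefix(l, "+++ "):
			file = strings.TrimPrefix(l[4:], "b/")
		case m != nil:
			line, _ = strconv.Atoi(m[1]) // first new-file line of the hunk
			inHunk = true
		case inHunk && strings.HasPrefix(l, "+"):
			for name, re := range rules {
				if re.MatchString(l[1:]) {
					out = append(out, fmt.Sprintf("%s:%d %s", file, line, name))
				}
			}
			line++
		case inHunk && strings.HasPrefix(l, " "):
			line++ // context lines also advance the new-file counter
		}
	}
	return out
}

// Constructed input: a removed AWS documentation example key (ignored, since
// it is a "-" line) and an added made-up GitHub-style token (flagged).
var sampleDiff = "diff --git a/pay.go b/pay.go\n--- a/pay.go\n+++ b/pay.go\n@@ -10,3 +10,4 @@\n func charge() {\n" +
	"-\tkey := \"AKIAIOSFODNN7EXAMPLE\"\n+\tkey := os.Getenv(\"AWS_KEY\")\n+\ttok := \"ghp_" + strings.Repeat("a", 36) + "\"\n }\n"

func main() { fmt.Println(scanDiff(sampleDiff)) }
```

Scanning only `+` lines keeps a hook from blocking the commit that removes a secret. A secret that was ever committed still has to be rotated, because it remains in history.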

Stop committing security debt

Guardian is free, open-source, and takes 30 seconds to install.
