Introducing GuardScan: Privacy-First Security Scanning & AI Code Review
Hey dev.to community!
I'm excited to share GuardScan v1.0, a tool I built to solve a problem I ran into over and over again: finding a security scanner and AI reviewer that's strong, affordable, and respects developer privacy.
The Problem
Most security and code review tools fall short:
- Expensive
- Privacy concerns
- Usage limits
- Vendor lock-in
The Solution: GuardScan
GuardScan is a free, open-source CLI that offers full security scanning and AI-powered code review while keeping everything on your machine.
Core Principles
1. Always Free
- No credit system
- No subscriptions
- No enterprise-only features
- Unlimited repositories
2. Privacy-First
- GuardScan itself never uploads your source code
- Static analysis runs fully offline
- Telemetry is optional and anonymized
- Code stays local; the AI features send code only to the provider you configure, which can be a local Ollama instance
3. Bring Your Own Key (BYOK)
- Use OpenAI, Claude, Gemini, or local AI via Ollama
- Pay your provider directly
- GuardScan charges nothing
Quick Start
```bash
# Install globally
npm install -g guardscan

# Initialize
guardscan init

# Run security scan (offline)
guardscan security

# Configure AI provider (optional)
guardscan config

# Run AI-enhanced review
guardscan run
```

What Can GuardScan Do?
Security Scanning (Free & Offline)
Built-in scanners:
- Secrets detection
- Dependency vulnerabilities
- OWASP Top 10 checks
- Docker security
- Infrastructure as Code analysis
- API security
- Code metrics
- Code smells
- License compliance
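To make concrete what the first scanner on that list does, here is a minimal offline secrets scanner written in the CLI's own language, TypeScript. It is an added illustration for this post, not GuardScan's code: the rule names and regexes, the 3.5 bits-per-character entropy threshold, the placeholder allow-list and the constructed sample source are all assumptions. It combines the two techniques such scanners rely on, fixed-format patterns for credentials with a recognisable structure and a Shannon entropy test for secret-looking assignments that have no fixed format, and shows why a low-entropy value and an obvious placeholder should not be reported.

```typescript
// Added example for this post: a minimal offline secrets scanner of the kind
// the "Secrets detection" entry above refers to. This is NOT GuardScan's code;
// the rule set, the entropy threshold and the sample input are assumptions.

export interface Finding {
  line: number;   // 1-based line number in the scanned source
  rule: string;   // name of the rule that fired
  match: string;  // matched value, redacted so the report does not re-leak it
}

// Structural rules: credential formats with a fixed, recognisable shape.
const PATTERN_RULES: { rule: string; re: RegExp }[] = [
  { rule: "aws-access-key-id", re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g },
  { rule: "github-token", re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g },
  { rule: "private-key-block", re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/g },
];

// Generic rule: an assignment to a secret-looking name whose quoted value is
// long enough to be a credential. Entropy decides whether it is reported.
const ASSIGNMENT_RE =
  /\b([A-Za-z_]*(?:secret|token|password|passwd|api_?key)[A-Za-z_]*)\s*[:=]\s*["']([^"']{16,})["']/gi;

// Bits per character above which a value is treated as machine-generated.
// 3.5 is an assumed, tuneable threshold: hex secrets sit near 3.7-4.0,
// base64 secrets near 4.5-5.0, English text and identifiers well below 3.5.
export const ENTROPY_THRESHOLD = 3.5;

// Crude allow-list: lines that are clearly documentation placeholders.
const PLACEHOLDER_RE = /(example|placeholder|changeme|dummy)/i;

// Shannon entropy over UTF-16 code units, in bits per character.
export function shannonEntropy(s: string): number {
  const counts: { [ch: string]: number } = {};
  for (let i = 0; i < s.length; i++) {
    const ch = s.charAt(i);
    counts[ch] = (counts[ch] || 0) + 1;
  }
  let h = 0;
  for (const ch in counts) {
    const p = counts[ch] / s.length;
    h -= p * (Math.log(p) / Math.LN2);
  }
  return h;
}

// Keep a few leading and trailing characters so a human can recognise the
// credential in the report without the report itself becoming a leak.
export function redact(value: string): string {
  if (value.length <= 8) return new Array(value.length + 1).join("*");
  return value.slice(0, 4) + "..." + value.slice(-4);
}

// Collect every match of a global regex without leaving lastIndex dirty.
function allMatches(re: RegExp, text: string): RegExpExecArray[] {
  const out: RegExpExecArray[] = [];
  re.lastIndex = 0;
  let m: RegExpExecArray | null;
  while ((m = re.exec(text)) !== null) {
    out.push(m);
    if (m[0].length === 0) re.lastIndex++;  // never loop forever on empty matches
  }
  re.lastIndex = 0;
  return out;
}

export function scanSource(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, i) => {
    if (PLACEHOLDER_RE.test(text)) return;  // skip obvious placeholders
    for (const { rule, re } of PATTERN_RULES) {
      for (const m of allMatches(re, text)) {
        findings.push({ line: i + 1, rule, match: redact(m[0]) });
      }
    }
    for (const m of allMatches(ASSIGNMENT_RE, text)) {
      const value = m[2];
      if (shannonEntropy(value) >= ENTROPY_THRESHOLD) {
        findings.push({ line: i + 1, rule: "high-entropy-assignment", match: redact(value) });
      }
    }
  });
  return findings;
}

// Constructed sample input (not a real project, not real credentials).
export const SAMPLE_SOURCE = [
  "import os",
  'AWS_KEY = "AKIAABCDEFGHIJKLMNOP"',                         // line 2: fixed-format key
  'db_password = "letmein-letmein-letmein"',                  // line 3: secret-ish name, low entropy, not reported
  'api_token = "q7Hs2kL9pXz4Wm1vR8tY3nB6cJ0dF5gA"',           // line 4: no fixed format, high entropy, reported
  'API_SECRET = "your_api_secret_placeholder_here"',          // line 5: placeholder, skipped
  "# gh token: ghp_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCd",  // line 6: a token in a comment still counts
  "-----BEGIN RSA PRIVATE KEY-----",                          // line 7: key material in the repo
].join("\n");

for (const f of scanSource(SAMPLE_SOURCE)) {
  console.log(`line ${f.line}: ${f.rule} (${f.match})`);
}
```

Two design choices matter in practice. The structural rules are cheap and precise, so they run on every line; the entropy rule is the one that catches home-grown API keys but also produces the false positives, so it is gated on a secret-looking variable name and a minimum length, and its threshold should be tuned per codebase. Redacting the matched value before writing it to a report is what keeps a security report from becoming a second copy of the leaked secret.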
AI-Enhanced Features (BYOK)
```bash
guardscan explain <file>
guardscan review <file>
guardscan commit
guardscan docs <file>
guardscan test-gen <file>
guardscan refactor <file>
guardscan threat-model
guardscan migrate
guardscan chat
```

Language Support
AST parsers for:
- TypeScript / JavaScript
- Python
- Java
- Go
- Rust
- Ruby
- PHP
- C#
Architecture: Privacy by Design
```text
+-----------------------------------+
|           YOUR MACHINE            |
|                                   |
|  +-----------------------------+  |
|  |        GuardScan CLI        |  |
|  |  - Static Analysis          |  |
|  |  - Security Scanning        |  |
|  |  - AI Integration           |  |
|  +-----------------------------+  |
|                |                  |
+----------------|------------------+
          +------+------+
          v             v
 +---------------+ +---------------+
 |    Your AI    | |   Telemetry   |
 |    Provider   | |   (Optional)  |
 |   (Optional)  | |               |
 +---------------+ +---------------+
```

The static scanners never touch the network, so for `guardscan security` your code never leaves your machine. The AI features send code to whichever provider you configured: with Ollama that is still your own machine, with a hosted provider it is that provider's API, under that provider's terms, not GuardScan's.
Real-World Example
Let's say you have a 10k-line TypeScript project.

Install and set up:

```bash
npm install -g guardscan
guardscan init
```

Run a free security scan:

```bash
guardscan security
```

Output:

```text
Secrets scan: 3 issues found
Dependency scan: 12 vulnerabilities
OWASP scan: 5 potential issues
Code quality: 89/100
Report saved: security-report.md
```

Configure AI:

```bash
guardscan config
```

Run AI review:

```bash
guardscan run
```

Output:

```text
Analyzing codebase...
Found 47 improvement suggestions
Identified 8 security concerns
Report saved: review-report.md
```

Total cost:
- GuardScan: $0
- Static analysis: $0
- AI review (with Ollama): $0
Technology Stack
CLI (34k+ LOC):
- TypeScript 5.3+
- Node.js 18+
- Commander.js
- Jest test suite
Comparison
| Feature | GuardScan | SonarQube | Snyk | GitHub Copilot |
|---|---|---|---|---|
| Price | Free | Limited / Paid | Paid | Paid |
| Privacy | Local (AI features call only the provider you configure) | Self-hosted or cloud (SonarCloud) | Cloud upload | Cloud upload |
| Offline | Yes | Self-hosted: yes | No | No |
| AI Provider | Any | N/A | Proprietary | OpenAI only |
| Open Source | MIT | LGPL | No | No |
| Usage Limits | Unlimited | Yes | Yes | Yes |
Roadmap
- GitHub Actions integration
- GitLab CI/CD support
- VSCode extension
- Web UI for reports
- More language parsers (Swift, Kotlin)
- Custom rule engine upgrades
Contributing
GuardScan is open source (MIT License) and contributions are welcome!
Report bugs: GitHub Issues
Request features: GitHub Issues
Submit PRs: All contributions welcome!
The codebase is well-structured TypeScript with 70%+ test coverage. Check out CONTRIBUTING.md for details.
Why I Built This
As a developer, I was frustrated with security tools that:
- Charged money for basics
- Uploaded code to remote servers
- Imposed usage limits
- Forced a single vendor
Security tools should be accessible to everyone.
Get Started Today
```bash
npm install -g guardscan
guardscan init
guardscan security
```

Star the repo
Your Feedback Matters
What features would you like to see? What security checks are missing? Drop a comment below!
Made with love by developers, for developers