Nauman Tanwir

Posted on Nov 17

Introducing GuardScan: 100% Free, Privacy-First AI Code Review & Security Scanning CLI

#programming #productivity #security #opensource

Introducing GuardScan: Privacy-First Security Scanning & AI Code Review

Hey dev.to community! 👋

I'm excited to share GuardScan v1.0, a tool I built to solve a problem I ran into over and over again: finding a security scanner and AI reviewer that's strong, affordable, and respects developer privacy.

The Problem

Most security and code review tools fall short:

🚫 Expensive
🚫 Privacy concerns
🚫 Usage limits
🚫 Vendor lock-in

The Solution: GuardScan

GuardScan is a free, open-source CLI that offers full security scanning and AI-powered code review while keeping everything on your machine.

Core Principles

1. Always Free

No credit system
No subscriptions
No enterprise-only features
Unlimited repositories

2. Privacy-First

Never upload your source code
Offline static analysis
Optional, anonymized telemetry
All code stays local

3. Bring Your Own Key (BYOK)

Use OpenAI, Claude, Gemini, or local AI via Ollama
Pay your provider directly
GuardScan charges nothing

Quick Start

### Install globally
npm install -g guardscan

### Initialize
guardscan init

### Run security scan (offline)
guardscan security

### Configure AI provider (optional)
guardscan config

### Run AI-enhanced review
guardscan run

What Can GuardScan Do?

🔒 Security Scanning (Free & Offline)

Built-in scanners:

Secrets detection
Dependency vulnerabilities
OWASP Top 10 checks
Docker security
Infrastructure as Code analysis
API security
Code metrics
Code smells
License compliance

🤖 AI-Enhanced Features (BYOK)

guardscan explain <file>
guardscan review <file>
guardscan commit
guardscan docs <file>
guardscan test-gen <file>
guardscan refactor <file>
guardscan threat-model
guardscan migrate
guardscan chat

🌍 Language Support

AST parsers for:

TypeScript / JavaScript
Python
Java
Go
Rust
Ruby
PHP
C#

Architecture: Privacy by Design

┌─────────────────────────────────┐
│      YOUR MACHINE               │
│                                 │
│  ┌─────────────────────────┐    │
│  │   GuardScan CLI         │    │
│  │   • Static Analysis     │    │
│  │   • Security Scanning   │    │
│  │   • AI Integration      │    │
│  └─────────────────────────┘    │
│             │                   │
└─────────────┼───────────────────┘
              │
    ┌─────────┴─────────┐
    │                   │
    ▼                   ▼
┌─────────────┐   ┌──────────────┐
│ Your AI     │   │ Telemetry    │
│ Provider    │   │ (Optional)   │
│ (Optional)  │   │              │
└─────────────┘   └──────────────┘

Your code never leaves your machine.

Real-World Example

Let’s say you have a 10k-line TypeScript project.

Install and set up

npm install -g guardscan
guardscan init

Run a free security scan

guardscan security

Output:

Secrets scan: 3 issues found

Dependency scan: 12 vulnerabilities

OWASP scan: 5 potential issues

Code quality: 89/100

Report saved: security-report.md

Configure AI

guardscan config

Run AI review

guardscan run

Output:

Analyzing codebase...

Found 47 improvement suggestions

Identified 8 security concerns

Report saved: review-report.md

Total cost:

GuardScan: $0
Static analysis: $0
AI review (with Ollama): $0

Technology Stack

CLI (34k+ LOC):

TypeScript 5.3+
Node.js 18+
Commander.js
Jest test suite

Comparison

Feature	GuardScan	SonarQube	Snyk	GitHub Copilot
Price	Free	Limited / Paid	Paid	Paid
Privacy	Local	Cloud upload	Cloud upload	Cloud upload
Offline	Yes	No	No	No
AI Provider	Any	N/A	Proprietary	OpenAI only
Open Source	MIT	LGPL	No	No
Usage Limits	Unlimited	Yes	Yes	Yes

Roadmap

GitHub Actions integration
GitLab CI/CD support
VSCode extension
Web UI for reports
More language parsers (Swift, Kotlin)
Custom rule engine upgrades

Contributing

GuardScan is open source (MIT License) and contributions are welcome!

Report bugs: GitHub Issues
Request features: GitHub Issues
Submit PRs: All contributions welcome!

The codebase is a well-structured TypeScript with 70%+ test coverage. Check out the CONTRIBUTING.md for details.

Why I Built This

As a developer, I was frustrated with security tools that:

Charged money for basics
Uploaded code to remote servers
Imposed usage limits
Forced a single vendor

Security tools should be accessible to everyone.

Get Started Today

npm install -g guardscan
guardscan init
guardscan security

⭐ Star the repo

Your Feedback Matters

What features would you like to see? What security checks are missing? Drop a comment below!

Made with ❤️ by developers, for developers

DEV Community

Introducing GuardScan: 100% Free, Privacy-First AI Code Review & Security Scanning CLI

Introducing GuardScan: Privacy-First Security Scanning & AI Code Review

The Problem

The Solution: GuardScan

Core Principles

Quick Start

What Can GuardScan Do?

🔒 Security Scanning (Free & Offline)

🤖 AI-Enhanced Features (BYOK)

🌍 Language Support

Architecture: Privacy by Design

Real-World Example

Let’s say you have a 10k-line TypeScript project.

Install and set up

Run a free security scan

Output:

Secrets scan: 3 issues found

Dependency scan: 12 vulnerabilities

OWASP scan: 5 potential issues

Code quality: 89/100

Report saved: security-report.md

Configure AI

Run AI review

Output:

Analyzing codebase...

Found 47 improvement suggestions

Identified 8 security concerns

Report saved: review-report.md

Technology Stack

Comparison

Why I Built This

Get Started Today

Your Feedback Matters

Top comments (0)