A security scanner as fast as a linter — written in Rust

What is foxguard?
foxguard is an open-source security scanner released by PwnKit Labs that aims to make security feedback feel instantaneous. It is a single Rust binary that uses tree-sitter for parsing and rayon for parallelism, and it ships with 100+ built-in rules covering ten languages and many popular frameworks. The project reports scanning real repositories in well under a second and claims speedups of tens to hundreds of times over cached Semgrep runs; those figures come from the project's own benchmarks.
How it works
No JVM warmup, no Python interpreter, no network calls and no rule-download step — just a native binary that reads files and reports findings. foxguard can run as npx foxguard ., in pre-commit hooks, or via a VS Code extension that scans on save. It also accepts a Semgrep-compatible YAML subset as an adoption bridge, and outputs terminal, JSON, or SARIF for CI and GitHub Code Scanning.
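The SARIF output mentioned above is what lets a scanner plug into CI without the CI job knowing anything about the scanner. As an added example (not foxguard's code, and not taken from the page), here is a small CI gate that reads a SARIF 2.1.0 document, prints the findings, and fails the job when anything at or above a chosen level is present. It assumes only the standard SARIF fields (runs, results, level, ruleId, locations); the scanner name, rule ids, paths and findings in the embedded sample are constructed for the demo.

```python
"""sarif_gate.py: fail a CI job on SARIF findings at or above a level.

Added example. Assumes a standard SARIF 2.1.0 document such as any scanner
with a SARIF output mode can produce; nothing here is specific to foxguard.
Usage: python sarif_gate.py [--fail-on error|warning|note] [FILE|-]
With no FILE the constructed sample below is used so the script runs offline.
"""
import json
import sys
from collections import Counter

# SARIF severity levels, ordered so a threshold can be compared numerically.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Constructed sample: one scanner run with three findings. The third result
# omits "level" on purpose to show that SARIF treats it as a warning.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "js.express.sqli", "level": "error",
             "message": {"text": "User input flows into a SQL string"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.js"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "py.subprocess.shell-true", "level": "warning",
             "message": {"text": "shell=True with a dynamic command"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "tools/build.py"},
                 "region": {"startLine": 17}}}]},
            {"ruleId": "py.subprocess.shell-true",
             "message": {"text": "shell=True with a dynamic command"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "tools/run.py"},
                 "region": {"startLine": 9}}}]},
        ],
    }],
})

# Constructed sample of a clean run (no results), for the passing case.
CLEAN_SARIF = json.dumps({"version": "2.1.0",
                          "runs": [{"tool": {"driver": {"name": "x"}}, "results": []}]})


def parse_sarif(text):
    """Flatten a SARIF document string into a list of finding dicts."""
    doc = json.loads(text)
    findings = []
    for run in doc.get("runs", []):
        for result in run.get("results", []):
            # Per the SARIF spec a result with no "level" is a warning.
            level = result.get("level", "warning")
            uri, line = "<unknown>", 0
            locs = result.get("locations") or []
            if locs:
                phys = locs[0].get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", uri)
                line = phys.get("region", {}).get("startLine", 0)
            findings.append({
                "rule": result.get("ruleId", "<no-rule>"),
                "level": level,
                "uri": uri,
                "line": line,
                "message": result.get("message", {}).get("text", ""),
            })
    return findings


def count_by_level(findings):
    """Map each level to the number of findings at that level."""
    return dict(Counter(f["level"] for f in findings))


def should_fail(findings, fail_on="error"):
    """True if any finding is at or above the fail_on level."""
    threshold = LEVEL_RANK[fail_on]
    return any(LEVEL_RANK.get(f["level"], 0) >= threshold for f in findings)


def format_finding(f):
    """One readable line per finding: level, file:line, rule, message."""
    return f"{f['level']:<7} {f['uri']}:{f['line']}  {f['rule']}  {f['message']}"


def main(argv):
    """Parse args, print findings (most severe first) and return the exit code."""
    fail_on = "error"
    args = list(argv)
    if "--fail-on" in args:
        i = args.index("--fail-on")
        fail_on = args[i + 1]
        del args[i:i + 2]
    if not args:
        text = SAMPLE_SARIF          # demo fallback; a real job passes a file
    elif args[0] == "-":
        text = sys.stdin.read()
    else:
        with open(args[0]) as fh:
            text = fh.read()
    findings = parse_sarif(text)
    for f in sorted(findings, key=lambda f: -LEVEL_RANK.get(f["level"], 0)):
        print(format_finding(f))
    print("summary:", count_by_level(findings))
    return 1 if should_fail(findings, fail_on) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

In a pipeline this sits after the scan step (`scanner --sarif out.sarif && python sarif_gate.py --fail-on error out.sarif`, with the scanner's real flags substituted), so the job fails on errors while warnings and notes still surface in the log and in GitHub Code Scanning.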
Where it fits
This project is deliberately positioned as a fast local tool, not a drop-in replacement for Semgrep or OpenGrep. Use foxguard's built-in rules for immediate, local feedback; use Semgrep-compatible rules to migrate incrementally; and keep Semgrep/OpenGrep for the broadest external rule ecosystems. The promise is that findings get fixed at the editor instead of piling up in CI and PRs: security that stays in the developer loop.
Why it matters
Developers hate waiting. Slow scanners get ignored. foxguard leans into a trend we've seen across tooling: bring feedback closer to the edit-save cycle so security becomes part of the flow, not an afterthought. Whether the benchmarks hold up across every codebase remains to be independently verified, and a set of 100+ built-in rules is a first filter rather than a substitute for the larger registries, so the speed buys earlier feedback, not more coverage. Still, the idea is simple and potent: leave it on, and you'll catch problems sooner.
Sources: github.com/peaktwilight, Hacker News