Open source · MIT

Sighthound

A fast open-source source-code vulnerability scanner built in Rust.

Tree-sitter parsing and RON rules — command injection, SQL injection, XSS, and more. Every rule included, free.

9 languages supported
100% of rules included, free
Fast: built for fast local scanning
Rust: tree-sitter + RON rules

Why Sighthound

Fast, modular, and fully open

Three things set Sighthound apart from other scanners.

Built for fast local scanning

Parallel file discovery, AST parsing, and prefiltering. Formal benchmarks coming separately.

Tree-sitter based & modular

Add a language by dropping in a tree-sitter grammar and rules. Modular by design.

Every rule ships in the box

All rules embedded in the binary. No config, no premium tier, no paywall.

Coverage

Supported languages

Add a new language by dropping in a tree-sitter grammar and rules — the modular architecture does the rest.

Python

.py, incl. Django templates in .html

JavaScript

.js, .jsx

TypeScript / TSX

.ts, .tsx

Java

.java

Go

.go

C#

.cs

Ruby

.rb

PHP

.php, .phtml

HTML

.html

Free & open source

Scan your code locally

Install from GitHub with Cargo, point Sighthound at your project, and get findings that show the full taint flow from source to sink. No config, no paid plan, every rule included.

$ cargo install --git https://github.com/Corgea/Sighthound
$ sighthound ./src
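To make concrete what a source-to-sink finding of the kind described above looks like, here is an added illustration that is not Sighthound's own code, rule format or output: a constructed Flask-style handler with a command-injection flow from `request.args` to `os.system`, its hardened form beside it, and a minimal stand-in detector. Sighthound parses with tree-sitter from Rust and expresses rules in RON; the stand-in uses Python's standard-library `ast` module so it runs with no dependencies, and the `SHELL_SINKS` rule table, `TAINT_SOURCES` list, `Finding` type and both sample sources are assumptions made for the illustration.

```python
"""Added illustration, not Sighthound's own code or rule format.

Shows the shape of a command-injection finding: a value tainted by
`request.args` reaching a shell sink, beside the hardened form that a
scanner should not flag. Sighthound parses with tree-sitter from Rust; this
stand-in uses Python's standard-library `ast` so it runs with no dependencies.
The rule table, source list, sample sources and Finding type are assumptions.
"""
import ast
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample: builds a shell command string from a request parameter.
VULNERABLE_SRC = '''
import os
from flask import request

def ping():
    host = request.args.get("host")
    os.system("ping -c 1 " + host)   # tainted string reaches a shell sink
'''

# Constructed sample: same feature, input validated, argv list, no shell.
HARDENED_SRC = '''
import re
import subprocess
from flask import request

HOSTNAME = re.compile(r"[A-Za-z0-9.-]{1,253}")

def ping():
    host = request.args.get("host", "")
    if not HOSTNAME.fullmatch(host):
        raise ValueError("invalid host")
    subprocess.run(["ping", "-c", "1", host], check=False)
'''

# Hypothetical rule table (not Sighthound's RON schema):
# (rule id, module, callee, index of the argument that must not be tainted).
SHELL_SINKS: List[Tuple[str, str, str, int]] = [
    ("py-cmd-injection-os-system", "os", "system", 0),
    ("py-cmd-injection-os-popen", "os", "popen", 0),
]
# Hypothetical source list: names whose attributes carry attacker-controlled data.
TAINT_SOURCES = {"request"}


@dataclass
class Finding:
    rule_id: str
    line: int
    source: str  # local variable that carried user input into the sink


def _callee(call: ast.Call) -> Optional[Tuple[str, str]]:
    """Return (module, attr) for calls shaped like `mod.func(...)`, else None."""
    f = call.func
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f.value.id, f.attr
    return None


def _reads_source(expr: ast.AST) -> bool:
    """True if any name inside `expr` is a taint source."""
    return any(isinstance(n, ast.Name) and n.id in TAINT_SOURCES for n in ast.walk(expr))


def _tainted_name(expr: ast.AST, tainted: Set[str]) -> Optional[str]:
    """First tainted variable referenced anywhere inside `expr`, else None."""
    for n in ast.walk(expr):
        if isinstance(n, ast.Name) and n.id in tainted:
            return n.id
    return None


def scan(src: str) -> List[Finding]:
    """Per-function, flow-insensitive taint pass: sources -> locals -> shell sinks."""
    findings: List[Finding] = []
    for func in ast.walk(ast.parse(src)):
        if not isinstance(func, ast.FunctionDef):
            continue
        # Pass 1: any local assigned from a taint source becomes tainted.
        tainted: Set[str] = set()
        for node in ast.walk(func):
            if isinstance(node, ast.Assign) and _reads_source(node.value):
                tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
        # Pass 2: a tainted name flowing into a shell sink is a finding.
        for node in ast.walk(func):
            if not isinstance(node, ast.Call):
                continue
            callee = _callee(node)
            for rule_id, mod, name, idx in SHELL_SINKS:
                if callee == (mod, name) and len(node.args) > idx:
                    src = _tainted_name(node.args[idx], tainted)
                    if src:
                        findings.append(Finding(rule_id, node.lineno, src))
            # subprocess.* is a sink only when shell=True turns the command into a shell string.
            if callee and callee[0] == "subprocess" and node.args:
                shell = any(
                    kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
                    for kw in node.keywords
                )
                src = _tainted_name(node.args[0], tainted) if shell else None
                if src:
                    findings.append(Finding("py-cmd-injection-subprocess-shell", node.lineno, src))
    return findings


if __name__ == "__main__":
    for label, code in (("vulnerable", VULNERABLE_SRC), ("hardened", HARDENED_SRC)):
        print(label, scan(code))
```

Running the block reports one finding for the vulnerable sample (the `os.system` call, tainted through `host`) and none for the hardened one, where the argv list and the hostname check keep user input out of any shell. The taint pass here is deliberately flow-insensitive and intra-procedural; a real scanner such as Sighthound must also follow data across calls and templates, which is what a full taint flow in a finding records.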