Built for fast local scanning
Parallel file discovery, AST parsing, and prefiltering. Formal benchmarks coming separately.
Open source · MIT
A fast open-source source-code vulnerability scanner built in Rust.
Tree-sitter parsing and RON rules — command injection, SQL injection, XSS, and more. Every rule included, free.
Why Sighthound
Three things set Sighthound apart from other scanners.
Parallel file discovery, AST parsing, and prefiltering. Formal benchmarks coming separately.
Add a language by dropping in a tree-sitter grammar and rules. Modular by design.
All rules embedded in the binary. No config, no premium tier, no paywall.
Coverage
Add a new language by dropping in a tree-sitter grammar and rules — the modular architecture does the rest.
Free & open source
Install from GitHub with Cargo, point Sighthound at your project, and get findings with full taint flow — no config, no paid plan, every rule included.
$ cargo install --git https://github.com/Corgea/Sighthound
$ sighthound ./src