leopard876/hounddog

 
 


HoundDog.ai

What is it?

HoundDog.ai is a source code scanner and SAST (Static Application Security Testing) command-line tool that helps you with the following use cases:

  • Proactive PII Leak Prevention: Detect PII (Personally Identifiable Information) leaks through logs, files, cookies, tokens, and third-party APIs early in the development cycle to strengthen the data security posture and avoid costly remediation in production.
  • Third-Party Risk Mitigation: Track third-party dataflows and detect data processing agreement violations before changes reach users.
  • Automatic Data Mapping for Privacy Compliance: Automate and streamline data processing documentation, replacing error-prone spreadsheets and surveys with continuous monitoring that keeps pace with development.

How is it different?

  • 100% complementary to other scanners: Our goal is not to replace CodeQL, Snyk etc., but to fill a critical gap and be the best-in-class for PII leak detection. We extensively and uniquely cover CWEs such as CWE-201, CWE-209, CWE-312, CWE-313, CWE-315, CWE-532, CWE-539.
  • Privacy-focused: By default, the scanner runs in your environment. Your code never leaves your premises.
  • Fast and lightweight: Written in Rust for speed, safety and portability, the scanner can go through 1 million lines of code in under a minute on modern hardware. The unzipped binary is less than 30MB in size.
  • Highly accurate: We maintain a carefully curated set of rules covering multiple domains (PII, PHI, PIFI). We prioritize minimizing false positives and refine our rules regularly using AI-assisted workflows, human expert reviews and real-world testing.

Free Features

  • Source code scanning with our standalone binary or Docker image.
  • Markdown reports showing point-in-time views of the PII data elements including sensitivity levels, occurrence counts, file locations and code snippets.

Paid Features

  • Monitoring of vulnerabilities exposing PII in cleartext (logs, files, cookies, tokens, and third-party APIs).
  • Graphical PII dataflow visualizations.
  • Integration with CI/CD pipelines and Jira.
  • Security dashboard integration with GitHub Enterprise and GitLab Ultimate.
  • Access to HoundDog.ai Cloud Platform for issue triage, RoPA (Record of Processing Activities) reports, and scanner rules customization.

Supported Languages

  • C# / .NET
  • Golang (coming soon)
  • Java
  • JavaScript
  • Kotlin
  • Python
  • Ruby
  • TypeScript

Requirements

For standalone binary:

  • Operating System: Linux, macOS, Windows
  • CPU Architecture: AMD64 (x86-64), ARM64
  • Shell: Bash, Zsh, Fish (Linux/macOS), or PowerShell (Windows)
  • Memory: 2GB+ of free memory

For Docker image:

  • Docker Engine (Linux) or Docker Desktop (Windows/macOS)
  • Memory: 4GB+ allocated to Docker

We recommend at least 4 CPU cores and 8GB of memory for optimal performance.

Installation

Run the commands below in your terminal to install the scanner or to upgrade to the latest version.

Linux and macOS

To install in the user directory at ~/.hounddog/bin/hounddog:

curl -fsSL https://raw.githubusercontent.com/hounddogai/hounddog/main/install.sh | sh

To install system-wide at /usr/local/bin/hounddog:

curl -fsSL https://raw.githubusercontent.com/hounddogai/hounddog/main/install.sh | sudo sh

Windows

To install the standalone executable at %LocalAppData%\hounddog\bin\hounddog.exe (in PowerShell):

irm https://raw.githubusercontent.com/hounddogai/hounddog/main/install.ps1 | iex

Manual Download

Download the standalone binary and checksum files directly from our releases page.
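
A manually downloaded binary should be checked against the published checksum file before it is made executable. The script below is an added example, not part of the HoundDog.ai repository: it assumes the checksum file uses SHA-256 in the common sha256sum layout ("<hex>  <filename>"), and the function names and file arguments are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: verify a downloaded release binary before installing it.
# Assumptions (not from the HoundDog.ai docs): SHA-256 digests, and a checksum
# file in the "<sha256-hex>  <filename>" layout written by sha256sum.
# Usage: install_verified <downloaded-binary> <checksum-file> "$HOME/.hounddog/bin"

# Print the SHA-256 hex digest of a file with whichever tool the OS provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS
    fi
}

# verify_download <binary> <checksum-file>
# Returns 0 only when the checksum file has an entry for the binary's file name
# and that entry equals the locally computed digest; 1 on mismatch, 2 on bad input.
verify_download() {
    file=$1
    sums=$2
    [ -f "$file" ] && [ -f "$sums" ] || { echo "missing file" >&2; return 2; }
    name=$(basename "$file")
    # Select the entry whose name field equals $name ("*" prefix marks binary mode).
    expected=$(awk -v n="$name" \
        '{f=$2; sub(/^\*/, "", f)} f == n {print tolower($1); exit}' "$sums")
    [ -n "$expected" ] || { echo "no checksum entry for $name" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
}

# install_verified <binary> <checksum-file> <dest-dir>
# Copies the binary into place as "hounddog" only after verification succeeds.
install_verified() {
    verify_download "$1" "$2" || return 1
    mkdir -p "$3" && cp "$1" "$3/hounddog" && chmod 755 "$3/hounddog"
}
```

A matching checksum only shows the binary is the one the checksum file describes, so both files should come from the same trusted releases page over HTTPS.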

Usage

To scan a directory using the standalone binary:

hounddog scan [DIRPATH] [OPTIONS]

To scan a directory using the Docker image:

docker run --pull=always -it --rm -v <DIRPATH>:/data hounddogai/hounddog hounddog scan [OPTIONS]

Use --help to see all available command-line options:

# For standalone binary
hounddog scan --help

# For Docker image
docker run --pull=always -it --rm hounddogai/hounddog hounddog scan --help

HoundDog.ai respects your .gitignore file. To ignore additional files or folders, create a .hounddogignore file at the root of the target repository using the .gitignore pattern format. Please refer to our documentation for using a HoundDog API key to unlock paid features.

Quickstart

For a quick demonstration, we provide a test application with deliberate security flaws.

First, clone the repository:

git clone https://github.com/hounddogai/hounddog-test-healthcare-app

Scan it with the --output-format=markdown option to generate an offline Markdown report:

hounddog scan hounddog-test-healthcare-app --output-format=markdown

Open the generated file hounddog-test-healthcare-app/hounddog-{timestamp}.md in your browser. We recommend using the Markdown Viewer Chrome extension with mermaid and toc settings enabled. See this for more details.

Uninstallation

Linux and macOS

If installed in the user directory at ~/.hounddog/bin/hounddog:

rm -r ~/.hounddog

If installed system-wide at /usr/local/bin/hounddog:

sudo rm /usr/local/bin/hounddog

Windows

If installed at %LocalAppData%\hounddog\bin\hounddog.exe:

Remove-Item -Recurse -Force $env:LocalAppData\hounddog

License

View license information for HoundDog.ai's software.

Contact

If you need any help or would like to send us feedback, please create a GitHub issue or shoot us an email at support@hounddog.ai.

About

Blazingly fast source code scanner for data security and privacy.


Languages

  • Shell 57.7%
  • PowerShell 42.3%