# Tharos
Modern AI-Powered Git Hook Security Scanner

Tharos is a specialized git commit hook scanner that acts as an intelligent gatekeeper for your codebase. It combines lightning-fast AST analysis with deep AI semantic insights to catch security vulnerabilities and leaks before they are committed to your repository.

✨ Features
🛡️ Core: Intelligent Git Hooks
Tharos's primary interface is your git workflow. It provides automated security gating that prevents high-risk code from ever leaving your machine.
🔒 AI-Powered Security Analysis
4. GitHub Actions
🧠 AI Provider Flexibility
Automatic fallback chain:
📦 Installation
NPM (Recommended)
From Source
🚀 Quick Start
1. Initialize Your Project
This creates:
2. Configure Your Policy
Choose a pre-built policy or create your own:
3. Set Up AI Providers (Optional but Recommended)
Tharos works without AI but provides deeper insights with it enabled. Choose either provider (both have free tiers):
🧠 Option 1: Google Gemini (Recommended)
Best for: Powerful analysis, generous free tier
⚡ Option 2: Groq (Fast & Free)
Best for: Speed, low latency
Check your setup:
4. Run Analysis
🧪 Automated Testing
Tharos includes a built-in test suite to verify security policies and engine performance.
This suite tests Tharos against the
📋 Configuration
| Policy | Description | Rules | Use Case |
|---|---|---|---|
| `owasp-top10.yaml` | OWASP Top 10 2021 | 50+ | General web security |
| `soc2.yaml` | SOC 2 Type II | 40+ | SaaS compliance |
| `gdpr.yaml` | GDPR Compliance | 35+ | EU data protection |
| `pci-dss.yaml` | PCI-DSS v4.0 | 45+ | Payment processing |
| `code-quality.yaml` | Best Practices | 60+ | Code maintainability |
🏗️ Architecture
```
┌─────────────────────────────────────────┐
│            Tharos Ecosystem             │
├─────────────────────────────────────────┤
│                                         │
│   ┌──────────┐  ┌──────────┐   ┌───────┐│
│   │   CLI    │  │  VSCode  │   │GitHub ││
│   │   Tool   │  │Extension │   │Action ││
│   └────┬─────┘  └────┬─────┘   └───┬───┘│
│        │             │             │    │
│        └─────────────┼─────────────┘    │
│                      │                  │
│             ┌────────▼────────┐         │
│             │  tharos-core    │         │
│             │  (Go Binary)    │         │
│             │ - AST Analysis  │         │
│             │ - AI Integration│         │
│             └────────┬────────┘         │
│                      │                  │
│        ┌─────────────┼─────────────┐    │
│        │             │             │    │
│   ┌────▼────┐   ┌────▼────┐   ┌────▼───┐│
│   │ Ollama  │   │ Gemini  │   │  Groq  ││
│   │ (Local) │   │ (Cloud) │   │(Cloud) ││
│   └─────────┘   └─────────┘   └────────┘│
└─────────────────────────────────────────┘
```
🤝 Contributing
We welcome contributions! Please see CONTRIBUTING.md for guidelines.
Development Setup
```bash
# Clone repository
git clone https://github.com/chinonsochikelue/tharos.git
cd tharos

# Install dependencies
npm install

# Build Go core
cd go-core
go build -o tharos-core.exe main.go

# Build CLI
cd ..
npm run build

# Run tests
npm test
```
📖 Documentation
Full documentation available at https://tharos.vercel.app
🎯 Use Cases
Startup / Small Team
```bash
# Quick setup with OWASP
tharos init
cp policies/owasp-top10.yaml tharos.yaml
export GROQ_API_KEY="your-key"
```
Enterprise / Compliance-Focused
```bash
# SOC 2 + GDPR + PCI-DSS
tharos init
# Combine multiple policies in tharos.yaml
# Set up managed AI endpoint
export THAROS_MANAGED_KEY="your-enterprise-key"
```
Open Source Project
```bash
# Code quality focus
tharos init
cp policies/code-quality.yaml tharos.yaml
# Use local Ollama (no API keys needed)
ollama serve
```
🔐 Security
Tharos takes security seriously:
- Local-First: AST analysis runs entirely locally
- Privacy: AI analysis is optional and configurable
- No Data Collection: We don't collect or store your code
- Open Source: Full transparency, audit the code yourself
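
The local, pre-commit gating model described in this README, sketched as a minimal POSIX `sh` hook. This is an added example, not Tharos's own code: plain regex matching stands in for its AST/AI analysis, and the function names (`has_secret`, `scan_staged`) and patterns are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of pre-commit gating; NOT Tharos's implementation.
# Tharos uses AST and optional AI analysis; plain regexes stand in for that
# here. The patterns are constructed for this example, not from a Tharos policy.

# Exit 0 if stdin contains text shaped like a credential, 1 otherwise.
has_secret() {
  grep -Eq \
    -e 'AKIA[0-9A-Z]{16}' \
    -e '-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----' \
    -e "(api[_-]?key|secret|token|password)[[:space:]]*[:=][[:space:]]*[\"'][A-Za-z0-9_/+=-]{16,}[\"']"
}

# Scan the staged blobs (":path" reads the index), because that is what the
# commit will contain; the working-tree file can differ after `git add -p`.
# Deleted files are skipped. Limitation: paths git has to quote (newlines,
# embedded double quotes) are not handled by this line-based loop.
scan_staged() {
  findings=$(
    git -c core.quotePath=false diff --cached --name-only --diff-filter=ACM |
      while IFS= read -r path; do
        if git show ":$path" 2>/dev/null | has_secret; then
          printf '%s\n' "$path"
        fi
      done
  )
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings" | sed 's/^/BLOCKED: possible secret staged in /' >&2
    return 1
  fi
  return 0
}

# Act as a hook only when installed as .git/hooks/pre-commit; a non-zero exit
# makes git abort the commit.
case "${0##*/}" in
  pre-commit) scan_staged || exit 1 ;;
esac
```

Everything here runs on the developer's machine with no network calls, and the check reads the index rather than the working tree, so a secret that was staged and then edited out of the file on disk is still caught.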
📊 Performance
- AST Analysis: < 100ms for typical files
- AI Insights: < 2s with Groq, < 5s with Gemini
- VSCode Extension: No UI blocking, async analysis
- Git Hooks: < 1s for pre-commit checks
🗺️ Roadmap
- [ ] Additional language support (C++, C#, PHP, Ruby)
- [ ] Cloud dashboard for team management
- [ ] Custom rule builder UI
- [ ] IDE integrations (JetBrains, Sublime)
- [ ] CI/CD platform integrations (GitLab, CircleCI)
- [ ] Machine learning model training on your codebase
📄 License
MIT License - see LICENSE for details
🙏 Acknowledgments
- OWASP for security guidelines
- Google Gemini team for AI capabilities
- Groq for fast inference
- The open-source community
💬 Support
- Documentation: https://tharos.vercel.app
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Discord: Join our community
Built with ❤️ by developers, for developers
🦊 Tharos - Because security shouldn't slow you down