Zero-dependency SAST scanner inline in your editor. Catches IDOR, SQL injection, XSS, path traversal, and 30+ more CWE types as you code — fully offline, no API keys.
Features
🔍 Real-time scanning — findings appear inline as you type
🛡️ IDOR detection — catches authorization bugs other tools miss
📊 Trace-backed findings — see the full taint path from source to sink
🌐 5 languages — Python, JavaScript/TypeScript, Go, Java, C#
📋 SARIF output — one-click export for GitHub Code Scanning
🔒 100% offline — no cloud, no API keys, no telemetry
⚡ Auto-detects guardmarly CLI — works with pip, pipx, or python -m