hounddog is a source code scanner that helps organizations with the following use cases:
Proactive PII Leak Prevention: Detect PII leaks in logs, files, cookies,
tokens, and third-party services early in the development cycle (e.g., during
code reviews and build pipelines) to strengthen the data security posture and
avoid costly remediation later in production.
Third-Party Risk Mitigation: Track third-party application dataflows and
detect data processing agreement violations before new product changes are
released to users.
Automatic Data Mapping for Privacy Compliance: Eliminate manual and
error-prone documentation of processing activities relying on spreadsheets and
internal surveys. Streamline the entire process and keep pace with development
to eliminate surprises.
Markdown reports for point-in-time views of the PII data elements in
your codebase, along with their sensitivity levels, occurrence counts,
file locations and code snippets.
100% complementary with other scanners: Our goal is not to replace CodeQL,
Semgrep, Snyk etc., but to fill an existing gap and be the best-in-class for
PII detection. Here are some of the common weakness enumerations covered
extensively and uniquely by HoundDog.ai:
CWE-201,
CWE-209,
CWE-312,
CWE-313,
CWE-315,
CWE-532,
CWE-539.
Privacy-focused: By default, HoundDog.ai's code scanner runs only in your
environment and your source code never leaves your premises.
Blazingly fast with a tiny footprint: HoundDog.ai's code scanner is
written in Rust, a language well-known for its performance and memory safety.
It can scan 1 million lines of code in under a minute on modern hardware, and
its unzipped binary is less than 25MBs in size. We strive to keep it super
lightweight and have minimal impact on your build pipelines.
High accuracy: We maintain a carefully curated set of rules and
definitions covering multiple domains (e.g. PII, PHI, PIFI) out of the box,
placing the highest priority on minimizing false positives. The rules are
continuously improved using AI workflows, reviewed by human experts and tested
against real-world codebases.
To scan the current directory using the
Docker image instead:
docker run --pull=always -it --rm -v .:/data hounddogai/hounddog:latest hounddog scan
The code scanner will respect your .gitignore file. To exclude additional
files and folders, create a .hounddogignore file at the root directory of your
project and specify the match patterns in .gitignore format. Example:
# Ignore dependencies
node_modules/
# Ignore a specific file
config.js
# Ignore all files in a directory
test/*
Please refer to our user documentation for
using the code scanner with an API key to unlock paid features and integrate
with CI/CD pipelines.