hounddogai/hounddog

By hounddogai

Updated 6 days ago

Modern code scanner for data security and privacy.

Image
Security
Developer tools
1

10K+

hounddogai/hounddog repository overview

HoundDog.ai

hounddog is a source code scanner that helps organizations with the following use cases:

  • Proactive PII Leak Prevention: Detect PII leaks in logs, files, cookies, tokens, and third-party services early in the development cycle (e.g., during code reviews and build pipelines) to strengthen the data security posture and avoid costly remediation later in production.
  • Third-Party Risk Mitigation: Track third-party application dataflows and detect data processing agreement violations before new product changes are released to users.
  • Automatic Data Mapping for Privacy Compliance: Eliminate manual and error-prone documentation of processing activities relying on spreadsheets and internal surveys. Streamline the entire process and keep pace with development to eliminate surprises.
Free Features
  • Source code scanning with standalone binary or Docker image.
  • Markdown reports for point-in-time views of the PII data elements in your codebase, along with their sensitivity levels, occurrence counts, file locations and code snippets.
Starter and Enterprise Features
  • Continuous monitoring on vulnerabilities exposing PII in cleartext through logs, files, cookies, tokens, and third-party APIs.
  • Graphical visualizations displaying the flow of PII to various data sinks.
  • CI/CD integration with Azure Pipelines, BitBucket Pipelines, GitHub Actions, GitLab CI/CD, CircleCI, Jenkins, etc.
  • Security dashboard integration with GitHub Enterprise and GitLab Ultimate.
  • Access to HoundDog.ai Cloud Platform for triaging issues, creating Jira tasks, generating RoPA (Record of Processing Activities) reports, and scan rules customization.
  • (Coming soon) Automatic configuration of scan rules based on your data processing agreements for continuous DPA compliance and risk mitigation.

How is it different from other scanners?

  • 100% complementary with other scanners: Our goal is not to replace CodeQL, Semgrep, Snyk etc., but to fill an existing gap and be the best-in-class for PII detection. Here are some of the common weakness enumerations covered extensively and uniquely by HoundDog.ai: CWE-201, CWE-209, CWE-312, CWE-313, CWE-315, CWE-532, CWE-539.
  • Privacy-focused: By default, HoundDog.ai's code scanner runs only in your environment and your source code never leaves your premises.
  • Blazingly fast with a tiny footprint: HoundDog.ai's code scanner is written in Rust, a language well-known for its performance and memory safety. It can scan 1 million lines of code in under a minute on modern hardware, and its unzipped binary is less than 25MBs in size. We strive to keep it super lightweight and have minimal impact on your build pipelines.
  • High accuracy: We maintain a carefully curated set of rules and definitions covering multiple domains (e.g. PII, PHI, PIFI) out of the box, placing the highest priority on minimizing false positives. The rules are continuously improved using AI workflows, reviewed by human experts and tested against real-world codebases.

Requirements

  • Standalone Binary:

    • Operating System: Linux or macOS
    • CPU Architecture: x86-64 or ARM64
    • Shell: Bash, Zsh, or Fish
    • Memory: Minimum 1GB of free memory
  • Docker Image:

    • Docker Engine on Linux or Docker Desktop on Windows/macOS
    • Memory: Minimum 1GB of free memory allocated to Docker

Supported Languages

  • C# / .NET
  • Golang (coming soon)
  • GraphQL
  • Java
  • JavaScript
  • Kotlin
  • OpenAPI / Swagger
  • Python
  • Ruby
  • SQL
  • TypeScript

Installation

To install the standalone binary in your user directory at ~/.hounddog/bin/hounddog:

curl -fsSL https://install.hounddog.ai | bash

To install it system-wide at /usr/local/bin/hounddog (sudo required):

curl -fsSL https://install.hounddog.ai | sudo bash

To upgrade to the latest version, simply run the commands above again.

You can alternatively download the binary and the checksum directly from our releases page.

Usage

To scan a file or directory using the standalone binary:

hounddog scan [path] [options]

To see all available command-line options:

hounddog scan --help

To scan the current directory using the Docker image instead:

docker run --pull=always -it --rm -v .:/data hounddogai/hounddog:latest hounddog scan

The code scanner will respect your .gitignore file. To exclude additional files and folders, create a .hounddogignore file at the root directory of your project and specify the match patterns in .gitignore format. Example:

# Ignore dependencies
node_modules/

# Ignore a specific file
config.js

# Ignore all files in a directory
test/*

Please refer to our user documentation for using the code scanner with an API key to unlock paid features and integrate with CI/CD pipelines.

Quickstart

To demonstrate the capabilities of the scanner, HoundDog.ai offers a test application with deliberate security flaws. First, clone the repository:

git clone https://github.com/hounddogai/hounddog-test-healthcare-app

Then scan it with --output-format=markdown to generate a Markdown report:

hounddog scan hounddog-test-healthcare-app --output-format=markdown

Open the generated file hounddog-test-healthcare-app/hounddog-{timestamp}.md on your browser.

Note: We recommend using Google Chrome and the Markdown Viewer extension, with mermaid and toc settings enabled (see here for more details).

Uninstallation

If installed in user directory at ~/.hounddog/bin/hounddog:

rm -r ~/.hounddog

If installed system-wide at /usr/local/bin/hounddog:

sudo rm /usr/local/bin/hounddog

License

View license information for HoundDog.ai's software.

Contact

If you need any help or would like to send us feedback, please create a GitHub issue or shoot us an email at [email protected].

Tag summary

Content type

Image

Digest

sha256:c92e177bc

Size

22.3 MB

Last updated

6 days ago

docker pull hounddogai/hounddog:staging