Free to run · zero-config security for AI-assisted coding
Supply-chain security for vibe-coded software.
GuardDog sits in the loop with your AI coding assistant — vetting every package before it's installed and scanning every file it writes — so a shady dependency or a leaked API key never quietly makes it into your project.
What GuardDog does
Two problems, one tool.
Vibe coding — building fast by describing what you want to an AI assistant — moves quickly enough that two things slip through unnoticed: a third-party package with a bad license, a known vulnerability, or an abandoned maintainer; and a hardcoded secret or unsafe pattern the assistant writes and never mentions.
GuardDog closes both gaps automatically, running through the assistant you already use — no separate dashboard, no new habit to build.
- Vets every package install: license, known vulnerabilities, maintenance health
- Scans every file an assistant writes or edits: secrets, injection, unsafe deserialization, and more
- Runs the same static pipeline as a CI gate via guarddog scan — free, no API key required
Get started
One command, everything you need.
guarddog-setup.sh installs the guarddog binary plus everything it needs to scan your code, bundled together as one download with one checksum. No compiler, no separate installs, safe to run unattended.
curl -fsSL https://byteowl-guarddog-releases.s3.us-east-1.amazonaws.com/guarddog-setup.sh | sh- macOS and Linux — GuardDog's core scanning engine has no native Windows build; on Windows, install inside WSL and run the same command there.
- Installs to ~/.local/bin by default; override with --install-dir <path> or GUARDDOG_INSTALL_DIR.
- This is exactly what you can tell your AI assistant to run on your behalf — no prompts, nothing interactive.
Every release, verifiable
All versions, always up to date.
This list is read straight from the same place guarddog-setup.sh downloads from — the moment a new version ships, it shows up here automatically, with a direct download and checksum for each platform.
Checking for releases…
Release notes
What's new in GuardDog.
What changed in each release and what it means for you — not how it was built.
Checking for release notes…
Two commands to full protection
Wire it in, then forget about it.
guarddog init is read-only — it inspects your project and prints the exact hook snippet to add for whichever AI assistant you use (Claude Code, Cursor, or GitHub Copilot), rather than editing config files for you.
guarddog init- Once the printed snippet is applied, two things start happening automatically: a pre-install vetting gate, and a post-edit scan of anything your assistant just wrote.
- Not sure it's actually protecting you? guarddog doctor prints a plain checklist of exactly what's set up.
What you get
Protection that just runs.
Two automatic checks cover the two places risk actually gets introduced — installing a new package, and writing new code — so there's nothing extra to remember and no separate tool to open.
- Every package checked before install: license, known vulnerabilities, and maintenance health
- Every file checked the moment it's written or edited: secrets, injection, unsafe patterns, and more
- JavaScript/TypeScript, Python, and Java projects also get a code-quality lint pass alongside the security checks
- Findings and fix suggestions appear right in your assistant's own chat — nothing extra to read
- AI-quality code review included at no extra cost, through the assistant you're already using
Full control from the terminal
The same pipeline, on demand.
guarddog scan runs the complete static pipeline against a repo and reports each engine's findings independently — static analysis, secrets, dependencies, and linting (JavaScript/TypeScript, Python, Java) — with real scan-volume numbers (files scanned, rules evaluated, dependencies checked), not just a pass/fail count. Drop it into CI or a pre-commit hook: it exits nonzero on critical findings.
guarddog scanguarddog scan [path]Full static (+ optional AI) scan — -json for machine-readable outputguarddog initReport missing hook config for this project, read-onlyguarddog doctorPlain-English check: is GuardDog actually set up here?guarddog acceptRecord, list, or remove an accepted risk for this projectguarddog configureSet up GuardDog Advanced (optional paid AI tier)guarddog helpFull command/flag reference — help json for machine-readable outputNot every finding needs a fix
Ignore the fakes, accept the real ones.
Two project-local files handle the two different reasons a finding might not need action — both plain text, both meant to be committed and reviewed like any other config, never global to your machine.
- .guarddogignore — for findings that aren't real: a test fixture with a deliberately fake secret, sample vulnerable code kept for a demo
- .guarddogaccept / guarddog accept — for a finding that is real but the project has knowingly decided to live with, like a dependency vulnerability with no patch yet
guarddog accept add -reason "no patched version yet, tracked upstream" guarddog.vuln.dependency package-lock.json- An accepted finding still shows up in guarddog scan's report for visibility — it just doesn't count toward severity totals or the CI exit-code gate.
Optional — never required
GuardDog Advanced, for unattended runs.
Pattern-based checks catch known-bad shapes; they can't reason about intent. GuardDog Advanced sends flagged (and nearby) source to an AI model for a context-aware pass — useful for CI or cron runs with no assistant in the loop to review things itself for free.
Everything above — package vetting, the post-edit scan, guarddog scan's full pipeline — runs at no cost without it. This is the one part of GuardDog that isn't free.
guarddog configureRequirements
macOS and Linux, natively.
GuardDog runs natively on macOS and Linux. On Windows, install and run it inside WSL — the same install command works unmodified there.
- Claude Code, Cursor, and GitHub Copilot all supported
- Checksum-verified install — nothing runs until it's confirmed authentic
- A Claude Code skill is available, so an assistant can set itself up without a manual walkthrough
mkdir -p .claude/skills/guarddog && curl -fsSL "https://byteowl-guarddog-releases.s3.us-east-1.amazonaws.com/$(curl -fsSL https://byteowl-guarddog-releases.s3.us-east-1.amazonaws.com/latest.txt)/SKILL.md" -o .claude/skills/guarddog/SKILL.mdCommon questions
Frequently asked, plainly answered.
What is GuardDog?
GuardDog is a supply-chain security scanner for AI-assisted ("vibe-coded") development. It vets every package before it's installed and scans every file your AI coding assistant writes, catching a bad dependency or a leaked secret before it reaches your project.
Is GuardDog free?
Yes. The full static scanner (guarddog scan) and the automatic pre-install and post-edit checks run at no cost, with no API key or subscription required. GuardDog Advanced — an optional AI-powered review tier for unattended runs like CI — is the only part that isn't free.
What platforms does GuardDog support?
GuardDog runs natively on macOS and Linux. On Windows, install and run it inside WSL — the same install command works unmodified there.
What languages does GuardDog support?
JavaScript/TypeScript, Python, and Java — that's it, deliberately. GuardDog's checks are scoped to these three rather than spread thin across many.
Which AI coding assistants does GuardDog work with?
Claude Code, Cursor, and GitHub Copilot are all supported, through each assistant's own hook mechanism — no separate dashboard to check.
How do I install GuardDog?
Run one command: curl -fsSL https://byteowl-guarddog-releases.s3.us-east-1.amazonaws.com/guarddog-setup.sh | sh — it installs the guarddog binary plus everything it needs to scan your code as a single checksum-verified download.
What does GuardDog actually scan for?
Two things: every package install is vetted for license issues, known vulnerabilities, and maintenance health; and every file an assistant writes or edits is scanned for secrets, injection, unsafe deserialization, and other unsafe patterns.
Does every finding have to be fixed?
No. .guarddogignore marks findings that aren't real, like a test fixture with a deliberately fake secret. .guarddogaccept (or guarddog accept) records a real finding the project has knowingly decided to live with. Both still show up in guarddog scan's report for visibility, but neither counts toward severity totals or the CI exit-code gate.