Hey HN, I built foxguard because most security scanners use bloated python to use locally. Semgrep takes 10-30s on a medium repo. foxguard finishes in under a second on the same codebase (61x faster on the express codebase for example).

It's a Rust binary using tree-sitter for AST parsing and rayon for parallelism. 100+ built-in rules across JS/TS, Python, Go, Ruby, Java, PHP, Rust, C#, Swift. No JVM, no Python runtime, no network calls.

The idea: if your security scanner is fast enough to run on every save (not just in CI), people might actually use it.

> npx foxguard . to try it

Happy to answer questions about the tree-sitter approach, rule implementation, or the Semgrep compatibility layer.