Guardy

🛡️ What is Guardy?

A comprehensive overview of Guardy - the fast, secure git hooks and secret scanning tool

Overview

Guardy is a high-performance code security suite written in Rust that provides three core capabilities:

  1. Git Hooks Management - Native, fast git hooks with parallel execution
  2. Secret Scanning - Multi-threaded detection of secrets and credentials
  3. File Synchronization - Keep configuration files in sync across repositories

Unlike traditional Node.js-based tools (Husky) or Python-based solutions (pre-commit), Guardy is a single native binary with zero runtime dependencies, making it incredibly fast and reliable.

Why Guardy?

The Problem

Modern development teams face several challenges:

  • Security Gaps: Developers accidentally commit secrets, API keys, and credentials
  • Inconsistent Standards: Different team members use different tools and configurations
  • Performance Issues: Node.js/Python-based hooks slow down the development workflow
  • Complex Setup: Multiple tools required for hooks, scanning, and file sync
  • AI-Assisted Coding Risks: LLMs may generate or expose sensitive data

The Solution

Guardy addresses these challenges with a unified, high-performance approach:

  • Single Binary: No runtime dependencies - just download and run
  • Native Performance: Written in Rust for maximum speed and reliability
  • Parallel Execution: Run multiple checks simultaneously
  • Smart Caching: Skip unnecessary work with intelligent file tracking
  • Comprehensive Security: 100+ built-in patterns for secret detection

Key Features

🚀 Lightning Fast

  • Multi-threaded scanning - Utilizes all CPU cores
  • Parallel hook execution - Run multiple commands simultaneously
  • Smart file filtering - Only scan what's necessary
  • Native binary - No interpreter overhead

🔒 Comprehensive Security

  • 100+ detection patterns - API keys, passwords, tokens, certificates
  • Entropy analysis - Detect high-entropy strings that look like secrets
  • Custom patterns - Define your own regex patterns
  • Allowlisting - Exclude false positives

🪝 Flexible Git Hooks

  • All standard hooks - pre-commit, commit-msg, pre-push, and more
  • Built-in actions - Secret scanning, conventional commits validation
  • Custom commands - Run any command or script
  • Template variables - Access staged files, commit messages, etc.

🔄 File Synchronization

  • Repository sources - Sync from Git repositories
  • Version pinning - Lock to specific tags, branches, or commits
  • Selective sync - Include/exclude patterns for precise control
  • Conflict detection - Know when local changes differ from source

Who Should Use Guardy?

Development Teams

Teams that need to:

  • Enforce security standards across all developers
  • Prevent accidental secret commits
  • Maintain consistent code quality
  • Share configuration files across projects

Security-Conscious Organizations

Organizations that require:

  • Compliance with security policies
  • Protection against data leaks
  • Audit trails for security checks
  • Fast, reliable security tooling

Open Source Projects

Projects that want to:

  • Protect contributors from accidental leaks
  • Maintain high code quality standards
  • Provide easy setup for new contributors
  • Run efficiently in CI/CD pipelines

Performance Comparison

Guardy significantly outperforms traditional tools:

OperationGuardyHusky (Node.js)pre-commit (Python)
Startup< 1ms~100ms~150ms
Secret Scan (1000 files)~50ms~800ms~1200ms
Hook ExecutionNative speedNode overheadPython overhead
Memory Usage~5MB~50MB~30MB

How It Works

Architecture

┌─────────────────┐
│ Git Hook Event  │
└────────┬────────┘


    ┌─────────┐
    │ GUARDY  │
    └────┬────┘

         ├──► Load Configuration (.guardy.yaml)

         └──► Execute Hooks (Parallel)

              ├──► Built-in Actions
              │    ├─► Secret Scanning
              │    └─► Commit Validation

              └──► Custom Commands
                   └─► User Scripts


                ┌──────────────┐
                │ Report Pass/ │
                │     Fail     │
                └──────────────┘

Workflow Integration

  1. Developer makes changes - Edit code, add files
  2. Git hook triggers - On commit, push, etc.
  3. Guardy executes - Runs configured checks
  4. Results reported - Pass/fail with detailed output
  5. Action taken - Commit proceeds or is blocked

Design Philosophy

Zero Dependencies

Guardy is distributed as a single static binary with no runtime dependencies. This means:

  • No need for Node.js, Python, or any runtime
  • Works on any system immediately
  • No dependency conflicts or version issues
  • Consistent behavior across all environments

Performance First

Written in Rust for:

  • Memory safety without garbage collection
  • Zero-cost abstractions
  • Efficient parallelism
  • Minimal resource usage

Security by Default

  • All patterns enabled by default
  • Conservative false-positive prevention
  • Clear, actionable error messages
  • No telemetry or data collection

Getting Started

Ready to secure your codebase? Check out our getting started guide to get started in under a minute.

Community & Support

License

Guardy is open source and available under the MIT license.

🛡️ Overview

Guardy - Fast, secure git hooks and secret scanning for modern development teams.

🚀 Getting Started

Get Guardy running in your project in 5 minutes

On this page

OverviewWhy Guardy?The ProblemThe SolutionKey Features🚀 Lightning Fast🔒 Comprehensive Security🪝 Flexible Git Hooks🔄 File SynchronizationWho Should Use Guardy?Development TeamsSecurity-Conscious OrganizationsOpen Source ProjectsPerformance ComparisonHow It WorksArchitectureWorkflow IntegrationDesign PhilosophyZero DependenciesPerformance FirstSecurity by DefaultGetting StartedCommunity & SupportLicense