Secure the code
your AI writes — on every pull request

PullGuard is a SAST code-security scanner built for AI-assisted development. It catches what AI coding introduces — secrets leaking into LLM prompts, prompt-injection data flows, disabled AI safety guardrails, "hallucinated" dependencies — plus the classic vulnerabilities, exploit-aware CVEs (EPSS + CISA KEV), and compliance gaps you already scan for. Results appear right in your PR.

One GitHub-native tool replaces Semgrep + SonarQube + Snyk + StepSecurity + GitGuardian — and adds the AI-era security layer none of them have. Your code never leaves your runners.

Start Free See Features

Free tier — no signup, no card. Add one workflow file and open a PR.

🔒

Code stays on your runners

Docker container on your own GitHub Actions runners. Source code is never transmitted, stored, or seen by PullGuard servers. Data-residency and air-gapped-friendly by design.

📋

5 compliance frameworks

SOC 2 (8 controls), HIPAA Technical Safeguards, PCI DSS 4.0, NIST 800-53 Rev 5, ISO 27001:2022 — a PASS / CONCERN / FAIL rollup per framework on every PR, with full per-control tables (AICPA / NIST citation text) opt-in via compliance: in .driftrc.yml.

🎯

High signal, not noise

Every finding is built to be actionable — findings split actionable vs observational, and false positives are treated as bugs: closed structurally with regression tests. 2,900+ automated tests back every claim on this page; CI rejects marketing drift. OWASP Top 10 coverage validated across 18 vulnerability fixtures head-to-head with Semgrep Pro.

📄

Procurement-ready

Business Source License 1.1 → Apache 2.0 in 2030. Enterprise MSA with reverse-engineering prohibition + DPA. 4 business-hour response SLA for Enterprise; SSO (SAML / OIDC) and RBAC included. Tamper-proof audit logs & export on the roadmap.

v1.3.4

What's new — verifiable supply chain & security hardening

Prove what you run — and run something harder: signed build provenance on the image you pull, plus a structured internal red-team pass across the whole product.

Full changelog →
44
Analyzers
5
Compliance Frameworks
2,900+
Tests Passing
7
Languages with Taint Tracking
5
CVE Ecosystems
67
Languages Detected

✓ Every capability claim on this page is backed by a runnable test. Verify any of it in CI — not marketing copy, auditable code.

Six categories of risk, one scan

Security, AI-era threats, supply chain, compliance, code quality, and cost — caught automatically on every pull request, with file, line, severity, and remediation steps. No new tools to wire up, no findings wall: just what to fix and what it's worth.

🔒

Security (15 OWASP Checks)

  • AI application security (OWASP LLM & Agentic Top-10) — data-flow tracked across AI and agent features (hosted, private & self-hosted models)
  • SQL injection, XSS, SSRF, command injection, path traversal
  • Cross-file, inter-procedural taint tracking across 7 languages (JS/TS, Python, Java, C#, Go, Rust)
  • Unsafe-deserialization detection
  • XXE, CORS / CSP misconfiguration
  • NoSQL injection (MongoDB / Mongoose)
  • SSTI, unsafe reflection, file-upload validation, JWT confusion, cookie security
  • Custom taint sources & sinks via YAML — model your framework's request entry points & sinks, including proprietary CMS / internal APIs
  • Exploit-aware dependency CVEs across 5 ecosystems (npm, PyPI, Maven/Gradle, Go, RubyGems) — EPSS exploit-probability + CISA KEV "actively exploited" flag surface what attackers actually target
  • Continuous threat intel, no upgrade required — the CISA KEV exploited-vulnerability feed refreshes every few hours, so a newly-exploited CVE reaches your scans within hours, not on a release cycle. Air-gapped? The full CVE database imports offline for zero-egress scanning.
📋

Compliance Evidence (5 Frameworks)

  • SOC 2 — 8 controls (CC3.1, CC3.2, CC4.1, CC6.1, CC6.2, CC6.7, CC6.8, CC8.2)
  • HIPAA Technical Safeguards (45 CFR §164.312)
  • PCI DSS 4.0 + NIST 800-53 Rev 5 + ISO 27001:2022
  • PASS / CONCERN / FAIL per control with AICPA / NIST citation text
  • Per-PR posture delta — "CC3.2 CONCERN→PASS ✅" continuous Type II monitoring
  • Risk register with remediation SLAs (7d critical, 30d major)
🎯

Endpoint Risk Engine

  • Composes auth × taint × reachability into a per-endpoint risk tier
  • /api/export · unauthenticated + tainted = critical
  • Auth-flow analyzer detects missing or weak authentication on identified endpoints
  • Reachability enrichment filters dead routes from triage
  • Severity discipline: Critical reserved for exploitable security only — not noise
  • Security findings cannot be suppressed at the analyzer level — auditor-defensible by design
🏗️

Code Quality

  • Honest line counts (NCLOC-aligned) — heavily-documented code is not penalised, unlike SonarQube
  • Per-language thresholds — Java 1000, Go 400, TS 600 (vs one-size defaults)
  • Cyclomatic + cognitive complexity
  • Dead code, unused exports, Type 1–3 clone detection
  • Monolithic file / function detection, deep nesting
  • Import cycles, layer violations, transitive cycle detection
🔗

Supply Chain & IaC

  • GitHub Actions security — unpinned actions, pwn-request, script injection, token over-permissions
  • Git-history secret scan — flags credentials committed then deleted
  • Dockerfile misconfig — runs-as-root, :latest tag, ADD-from-URL, embedded secrets
  • Dangerous tracked files — .env, .pem, id_rsa, serviceAccountKey.json
  • Kubernetes (CIS Level 1) — privileged pods, hostNetwork, missing resource limits
  • Repo hygiene — SECURITY.md / LICENSE / CODEOWNERS / CI workflow presence
  • Air-gapped CVE database for offline scanning
🤖

Secure & Govern AI-Written Code

  • AI × security composite — when code carrying an AI-era risk signal also has a real security flaw, one prioritized "human-review" finding instead of separate noise
  • AI-governance evidence — explicit AI-authorship provenance markers, as advisory evidence toward EU AI Act & NIST AI RMF (evidence toward, never a grant)
  • AI-era risk detection (hallucinated dependencies, secrets→LLM prompts, insecure-by-default snippets)
  • Breaking change detection with caller blast radius
  • Knowledge silo risk (single-contributor files)
  • Test quality, flaky tests, type-coverage & dependency-freshness scoring
💰

Cost-of-Change Estimation

  • Dollar amounts per finding + category — configurable hourly rate
  • Actionable / Observational partition — header reads "47 actionable (+286 observations)" instead of inflated all-finding totals
  • Top 5 most expensive findings ranked inline
  • Total tech-debt cost surfaced for budget conversations
  • CFO-ready reports tied to remediation SLAs
  • Auditable suppression/pullguard ignore <rule-id> opens a follow-up PR linking the original finding for audit trail

One tool replaces three

Most teams need Semgrep for SAST + SonarQube for quality + Snyk for CVEs. PullGuard combines all three.

✓ Verified parity against 8 competitor categories (73 fixtures) — 100% OWASP parity with Semgrep Pro (18/18)

Capability PullGuard Semgrep SonarQube Snyk
OWASP Top 10 detection15 checksPro ($)Enterprise ($)Yes
Inter-procedural taintCross-filePro ($)Enterprise ($)Yes
Code quality analysis13 analyzersNoCoreNo
Dependency CVE scanning5 ecosystemsNoNoCore
Cost estimation$/findingNoNoNo
SOC 2 security evidence8 controlsNoEnterprise ($)No
Multi-framework compliance (HIPAA / PCI / NIST / ISO 27001)All 4NoNoNo
AI-era risk + AI×security compositerisk + compositeNoNoNo
PR-delta / baselines (Clean as You Code)YesYesYesYes
Air-gapped reports & dashboardSelf-contained HTMLSaaSServerCloud only
Self-hosted / air-gappedDocker (static key required)YesYesCloud only

Built for the enterprise buying center

PullGuard surfaces the right information for the right stakeholders — so procurement, security review, and rollout happen in parallel, not in sequence.

🛡️ For Security Leaders

100% OWASP Top 10 parity with Semgrep Pro. Cross-file taint tracking across 7 languages. Pwn-request, script injection, and token over-permissions detection — top CI/CD supply-chain vectors. Dependency CVE scanning across 5 ecosystems, offline-capable. Replaces Semgrep + Snyk + StepSecurity + GitGuardian with one tool, one install, one invoice.

📊 For Engineering Leaders

Dollar amounts on tech debt ("$560K to fix everything"). Grade trends over time with ETA-to-Grade-A predictions. Knowledge-silo risk flags single-contributor files. Breaking-change detection with caller blast-radius. AI-era risk detection catches hallucinated dependencies, secret-to-LLM leaks, and insecure defaults. Budget conversations backed by per-finding estimates — not vibes.

📋 For Compliance & IT

Five compliance frameworks on every PR: SOC 2 (8 controls), HIPAA Technical Safeguards, PCI DSS 4.0, NIST 800-53 Rev 5, ISO 27001:2022. PASS / CONCERN / FAIL per control with AICPA / NIST citation text — continuous Type II-ready evidence. Per-PR posture delta: "CC3.2 CONCERN→PASS ✅". Risk register with 7-day-critical / 30-day-major SLA fields. MSA-ready enterprise contracts with reverse-engineering prohibition + DPA.

What a clean scan looks like

Below is the actual Step Summary PullGuard renders in GitHub Actions on every PR. This is a Team-tier scan showing all 44 analyzers running on a well-maintained codebase. The same layout appears for any repo — green when you're clean, with drill-down details when you're not.

🟢 PullGuard Report
Score: 96/100 · Grade 🟢 A · 0 findings across 247 files · 44/44 analyzers · Team tier
Duration: ~8s (cached rescans <100ms) · License: valid · Trend: improving (85 → 96 over last 5 scans)

📊 Health Dashboard

CategoryGradeFindingsChange
Security (15 OWASP checks)A0
Supply Chain (Actions + Dockerfile + git history)A0
Dependencies (5 CVE ecosystems)A0
Code QualityA0
ArchitectureA0
TestingA0
Compliance (SOC 2)A0
AI Code DetectionA0
Git HistoryA0
Type CoverageA0

🏆 Top Risks

No critical or major findings. Your codebase is clean.

💰 Cost-of-Change

SeverityCountEst. Fix Cost
Critical0$0
Major0$0
Moderate0$0
Total0$0

📋 SOC 2 Security Evidence (8 controls)

ControlStatusEvidence
CC3.1 (Risk Assessment)✅ PASSNo unmitigated security findings
CC3.2 (Fraud Risk)✅ PASSNo hardcoded credentials or historical secrets
CC4.1 (Continuous Monitoring)✅ PASSPer-PR scans + trend tracking provide ongoing evidence
CC6.1 (Logical Access)✅ PASSNo authentication or authorization weaknesses
CC6.2 (Authentication)✅ PASSNo weak / missing auth on identified endpoints
CC6.7 (Cryptographic Controls)✅ PASSNo insecure crypto, weak RNG, or timing-attack vectors
CC6.8 (Unauthorized Software Prevention)✅ PASSAll dependencies current, no unpinned GHA, no risky Dockerfile patterns
CC8.2 (Change Impact Analysis)✅ PASSBreaking-change detection + caller blast radius surfaced
Compliance posture delta: CC3.2 CONCERN→PASS ✅ · CC6.8 CONCERN→PASS ✅ (2 controls improved since last scan) · Plus HIPAA / PCI DSS 4.0 / NIST 800-53 / ISO 27001:2022 sections opt-in via compliance: in .driftrc.yml

📈 Trend

Improving · Score 85 → 96 over last 5 scans · ETA to Grade A: achieved

Generated by @pullguard/cli in ~8s · 44 analyzers · Team tier

This is the same Step Summary you'll see in your GitHub Actions tab on every PR. Enterprise evaluators: this output renders identically for you during your security-review period — the report shape is a contract, not a teaser.

Simple pricing

Self-serve for small teams. Enterprise conversations for larger orgs.

Free

$0
forever
  • 14 core analyzers (incl. dangerous-files & repo-hygiene)
  • Unlimited public repos
  • 1 private repo
  • Grade, score, findings
  • ✗ Security & taint analysis
  • ✗ Cost estimation
  • ✗ SOC 2 compliance
Get Started Free

Pro

$29/mo
per month
  • 42 of 44 analyzers
  • 1 private repo
  • Security & taint analysis
  • AI-era risk detection
  • Cost-of-change estimation
  • SARIF for Code Scanning
  • Dependency CVE database
Subscribe to Pro

Solo developers & single projects.

Enterprise

From $15k/yr
annual contract
Repository bands
Starter — up to 50 repos$15k/yr
Growth — up to 200 repos$30k/yr
Unlimited repos$60k/yr
  • Everything in Team
  • Self-hosted PullGuard Server — org-wide dashboards, source never leaves your runners
  • SSO: SAML 2.0 & OIDC (Okta, Azure AD, Google, OneLogin)
  • RBAC (Viewer / Maintainer / Admin)
  • Persistent triage database — dismiss a false positive once, across all future scans
  • Air-gapped deployment (no call-home)
  • Priority 4 business-hour response SLA + dedicated Slack channel
  • Tamper-proof audit logs & export — on the roadmap
Custom contract availablei DPA, MSA with reverse-engineering prohibition + audit rights, customer-managed deployment, bespoke rule sets, dedicated CSM, quarterly vendor-risk review.
Book a 30-min call

50+ repos, regulated industries, org-wide security.

Need more than Team's 10 repos? Enterprise scales by repository band (50 / 200 / unlimited) with a self-hosted server, SSO, dedicated support, and a signed contract. Ask about competitor migration (Semgrep / SonarQube / Snyk) with preserved rulesets.

Get started in 60 seconds

No account, no email, no credit card. Add one file to your repo.

# .github/workflows/pullguard.yml
name: PullGuard
on: [pull_request]
permissions:
  contents: read
  pull-requests: write
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: pullguard-dev/pullguard-action@v1
        # Free: 14 analyzers. Add license-key for Pro (42 of 44) or Team/Enterprise (all 44 + custom rules + 5 compliance frameworks)
1

Copy the YAML

Add the workflow file above to your repo. That's the entire setup.

2

Open a PR

PullGuard scans automatically. Grade, findings, and cost estimate appear in Actions.

3

Upgrade when ready

Add a license key secret to unlock all 44 analyzers, taint tracking, supply-chain + IaC checks, and SOC 2 evidence.

Free tier — no account required. Pro/Team/Enterprise: hello@pullguard.dev

Frequently asked questions

Security, pricing, languages, AI-code coverage, and compliance — answered.

What is PullGuard?

PullGuard is a SAST (static application security testing) scanner that reviews every GitHub pull request for security, code quality, and compliance issues. It runs as a GitHub Action or Docker container inside your own CI, posts findings as a PR comment and Check Run, and grades the change so problems are caught before they merge.

How is PullGuard different from SonarQube, Snyk, or Semgrep?

PullGuard combines what usually takes several tools: OWASP coverage including the LLM and Agentic Top-10, exploit-aware CVE scanning (EPSS plus CISA KEV), cross-file taint tracking across 7 languages, supply-chain and IaC checks, and compliance evidence — all in one GitHub-native tool. Your code never leaves your CI runner.

Is there a free tier?

Yes. The Free tier is $0, includes 14 analyzers, covers unlimited public repositories plus one private repository, and requires no account. Paid tiers (Pro, Team, Enterprise) unlock the full analyzer set, taint tracking, and all compliance frameworks.

Which languages does PullGuard support?

PullGuard recognises 67 languages, with deep AST-based taint tracking across 7 of them, including JavaScript and TypeScript, Python, Java, Go, and C#.

Can PullGuard secure code written by AI assistants like Copilot?

Yes, that is a core focus. PullGuard checks the OWASP LLM and Agentic Top-10, flags insecure-by-default and hallucinated-dependency patterns common in AI-generated code, and composes an AI×security risk signal so AI-authored changes get extra scrutiny.

Does PullGuard help with the EU AI Act and NIST AI RMF?

PullGuard can produce AI-authorship provenance markers and security evidence that support your documentation toward frameworks such as the EU AI Act (Article 50) and the NIST AI Risk Management Framework. This is advisory evidence to assist your own compliance process — PullGuard is not a certification and does not by itself make code compliant.

Which compliance frameworks does PullGuard cover?

PullGuard maps findings to SOC 2, HIPAA, PCI DSS 4.0, NIST 800-53, and ISO 27001, and surfaces a compliance posture on every pull request.

Does my source code leave my infrastructure?

No. PullGuard runs entirely on your own GitHub Actions runners. Source code, file contents, and analysis results stay in your CI — paid tiers send only a license key and repository name for subscription validation.