Contract-Guard

Free and local code, config, dependency and security scanner

Open Source

Developer Tools

GitHub

Built ContractGuard to make security and reliability analysis part of the normal development workflow instead of something developers only encounter during CI failures or external audits. ContractGuard is a local first VS Code extension that scans code, configuration files, queries, Dockerfiles, and dependency manifests directly inside the editor. It helps identify issues such as hardcoded secrets, dependency vulnerabilities, insecure configurations, schema drift, unsafe SQL patterns, regex ReDoS risks, and PII exposure without requiring external services or cloud based scanning. The extension includes inline diagnostics, a dedicated findings explorer, incremental rescanning, severity and confidence filtering, configurable analyzers, SARIF and JSON export support, runtime logging, and workspace level scanning designed for larger repositories and day to day development workflows. A major focus of the project has been balancing useful detection coverage with usability. Security tooling becomes difficult to adopt when it floods developers with noisy findings, breaks editor flow, or behaves like a compliance report generator disguised as a developer tool. ContractGuard tries to stay practical, configurable, and fast enough to use continuously during development. The current release improves both the VS Code experience and the analyzer infrastructure with better dependency discovery, stronger filtering behavior, timeout handling, preserved findings during rescans, improved packaging reliability, and expanded validation coverage across the extension and analyzer core. Everything runs locally by default. Would appreciate feedback from developers working on backend systems, infrastructure, DevOps, platform engineering, or security focused workflows. Interested in hearing where the analysis is useful, where the signal to noise ratio can improve, and what types of checks would be valuable to add next.