How it works

HZSec in four steps. No video required.

From installation to your first compliance report — this is what the full HZSec workflow looks like. All local. All yours.

Local-first · No cloud upload · Mac & Windows
Step 01

Run a local scan.

Point HZSec at any folder on your machine. No repo access, no cloud upload, no config file to write. The scanner runs six detection modes across your code in seconds.

  • Select a path — file, module, or entire repo
  • Choose quick scan or full 6-mode deep scan
  • Results appear in the Scan Center in under 30s
  • .gitignore is respected — no noise from build artifacts
~/myproject — hzsec scan .
$ hzsec scan ./src --deep
✓ Scanning 847 files across 6 detection modes...
 
FINDINGS
  [CRITICAL]  AWS access key exposed            config/prod.env:3
  [HIGH]      TLS certificate verification off  server/config.js:41
  [HIGH]      CORS wildcard origin policy       middleware/cors.js:12
  [MEDIUM]    DEBUG=true in production         .env.production:7
  [MEDIUM]    Hardcoded password in test fixture  tests/auth.test.js:23
 
SUMMARY
  Security score:  78 / 100  (↑ 4 from last scan)
  OWASP Top 10:   71%   CIS: 64%
  Scan duration:  3.2s (847 files)
 
→  1 auto-fix available · Open Scan Center
HZSec — Scan Center
HZSec
▣ Scan Center
◈ Assistant
◎ Live Monitor
≡ Audit Log
⚙ Settings
Security Posture
Score: 78 · LOW THREAT · OWASP 71%
CRITICAL: AWS access key exposed
config/prod.env:3
Hardcoded AWS access key found. Keys in source files are readable by anyone with repo access and remain in git history permanently.
OWASP A02 · Auto-fix available
HIGH: TLS certificate verification off
HIGH: CORS wildcard origin policy
MEDIUM: DEBUG=true in production
Step 02

Review your findings.

Every finding shows the severity, the exact file and line, what the risk is, which compliance control it maps to, and whether an auto-fix is available. No raw CVE dumps, no mystery output.

  • Severity ranked: Critical → High → Medium → Info
  • File path and line number for every finding
  • Compliance tag (OWASP, CIS, SOC 2) on each result
  • One-click auto-fix with diff shown before applying
Step 03

Ask the AI assistant.

The assistant already knows your findings when you open it. Ask why something is dangerous, how to fix it safely, or what actually happened in the real breach this pattern matches.

  • Context pre-loaded — no copy-pasting code
  • Breach Intelligence: references real-world incidents
  • Live CVE feed from CISA and NVD
  • Agentic fixes: propose and apply changes with diff review
HZSec — AI Assistant
Context: 5 findings loaded · 2 breach matches · CVE DB synced 2h ago
HZSec Assistant
The exposed key in config/prod.env:3 matches the Uber 2022 pattern — a hardcoded credential in a config file. In that incident it was exploited in <10 minutes. Here's the safe fix:
# config/prod.env
- AWS_ACCESS_KEY="AKIAIOSFODNN7EXAMPLE"
+ AWS_ACCESS_KEY=${AWS_KEY}
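Review bot: The added line depends on ${AWS_KEY} being expanded when config/prod.env is loaded, and not every .env loader performs variable expansion; where it does not, the application receives the literal string ${AWS_KEY} instead of a key. Confirm that the loader in use expands variables, or remove the entry from the file and have the application read the key from the process environment directly. The value on the removed line also stays in earlier commits, so this change should be paired with rotating that key.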
You
What if the key was already pushed to git?
HZSec Assistant
Assume it's compromised. Revoke it in AWS IAM immediately, then issue a new one. Removing it from git history doesn't help — it was readable at push time...
HZSec — Audit Log · Compliance
OWASP Top 10: 71%
CIS Benchmarks: 64%
SOC 2 Controls: 58%
Recent audit entries
14:32  Fixed: AWS key → env var
14:28  Scan completed · 5 findings
14:10  Live Monitor: 1 new finding
09:15  Scan completed · 9 findings
Step 04

Track compliance and audit history.

Every scan auto-tags findings to OWASP, CIS, and SOC 2. Fix something and your compliance scores update immediately. The audit log timestamps every action — scans, fixes, new Live Monitor alerts.

  • OWASP Top 10 / CIS / SOC 2 scores update on every scan
  • Recurring issues flagged when they reappear after a fix
  • Timestamped audit log — ready to export at any time
  • No separate compliance tool or manual spreadsheet needed
Ready to try it

This is what security looks like on your machine.

Download HZSec and run your first scan in under five minutes. Free tier, no credit card, no cloud upload.

Free tier free forever · Mac + Windows · 100% local processing