HZSec Documentation

HZSec is a local-first security platform for developers. Scan your code for vulnerabilities, monitor changes in real time, and get AI-assisted remediation — without a single line of source code leaving your machine.

Install & first scan — 3 minutes
# 1. Download the desktop app from hzsec.io/download
#    macOS: open the .dmg and drag to /Applications
#    Windows: run HZSec-Setup.exe

# 2. Run your first scan with the CLI
hzsec scan ./src

Download the signed installer from hzsec.io/download. See Installation for full setup steps.

What HZSec detects

Secrets & Credentials
API keys, tokens, and passwords committed to code. 40+ patterns plus entropy analysis.
Insecure Configuration
Debug flags, HTTP endpoints, weak TLS, and env variable misuse across 6 languages.
Vulnerable Code Patterns
SQLi, XSS, path traversal, and unsafe deserialization based on OWASP/CWE.
Dependency CVEs
Open-source packages with known CVEs via CISA KEV and NVD. Updated daily.
Web Exposure
Open CORS, missing security headers, CSP gaps, and exposed admin routes.
System Hardening
File permissions, service configs, and CI/CD configuration gaps.
