Skip to main content
Early access: get Pro free for 3 months →
DocsContact
Defend

Live Monitor

Live Monitor watches your source directory while you code. When a file change introduces a new security finding, HZSec surfaces it immediately — without you having to trigger a manual scan.

How it works

Live Monitor uses the operating system's native file event API — FSEvents on macOS and ReadDirectoryChangesW on Windows. When a file is saved, HZSec queues a targeted scan of that file (and any files it imports, for dependency analysis) using the same six detection engines as a full scan.

Only files that have changed are re-scanned. The existing findings for unchanged files are preserved from the last full scan. This means incremental results appear in under a second for most single-file saves.

< 1s
Typical latency from save to finding
< 1%
CPU overhead during idle watch
0 bytes
Source code sent over the network

Starting Live Monitor

Desktop app

  1. Click Live Monitor in the sidebar.
  2. Click Choose Folder and select the directory to watch.
  3. Click Start Watching. The status indicator turns green.
  4. Edit and save any file in the watched directory — new findings appear in the panel immediately.
Live Monitor is a desktop app feature. The hzsec CLI does not currently expose a watch command.

How findings surface

When a new finding is detected after a file save, HZSec notifies you in three ways:

In-app panel

The Live Monitor panel shows a real-time feed of new findings — severity badge, file type, and a one-line description. Click any entry to open the full detail view.

Desktop notification

A system notification appears with the severity and finding type. Clicking it brings the HZSec window to the foreground with the finding focused.

Resolved findings

When you save a file that previously had a finding and the issue is no longer present, HZSec marks it as resolved automatically and updates the score in real time.

Excluding paths

Live Monitor respects .gitignore by default. Build artifacts and node_modules are never watched. There is no additional exclusion configuration at this time.

Performance

Live Monitor is designed to be always-on without noticeably affecting editor or build performance.

·

Event-driven: HZSec reacts to OS file events rather than polling. No timer ticks, no continuous disk reads.

·

Debounced: Rapid successive saves (e.g., auto-save every keystroke) are coalesced — HZSec waits 300ms after the last write before scanning.

·

Scoped: Only the changed file and its direct import chain are re-evaluated. The full project result set is updated incrementally.

·

CPU budget: The scan worker is set to a background QoS class on macOS — the OS deprioritizes it under load so your editor stays fast.

← AI AssistantCompliance →