Quickstart
From download to your first scan result in under 3 minutes. No account required to scan — you only need a free account to use the AI assistant and persist scan history.
Download and install
Download the signed installer for your platform from hzsec.io/download.
macOS: Open the .dmg, drag HZSec to /Applications, and launch it. macOS Gatekeeper validates the Apple notarization automatically.
Windows: Run the HZSec-Setup.exe installer. Accept the UAC prompt and follow the setup wizard.
Sign in (optional for first scan)
HZSec lets you run an initial scan without an account so you can evaluate it first. To unlock the AI assistant and persist your scan history, create a free account at app.hzsec.io and sign in from the app. Your license is pulled automatically via a hzsec://license/... deep link.
No credit card, no expiry. The AI assistant on the free tier requires your own Anthropic API key — see AI Assistant for setup.
Run your first scan
Click New Scan in the sidebar, choose a local folder, and click Start Scan. All detectors run in parallel. Most codebases under 50,000 lines complete in under 30 seconds.
# Full scan (all detectors, default)
hzsec scan ./src
# Quick scan — code, config, and web only
hzsec scan --mode quick ./src
# Secrets only
hzsec scan --mode secret ./src
# JSON output for scripting
hzsec scan --format json . > results.json
Review findings and take action
The results view shows a security score, findings grouped by severity (CRITICAL, HIGH, MEDIUM, LOW), and the file path and line number for each issue. Click any finding to see a description, the relevant CWE or CVE, and a recommended fix.
For deterministic findings — exposed API key format, debug=True, insecure HTTP config — an Apply Fix button is available. HZSec shows a diff before changing anything; you confirm or dismiss.