April 10, 2026

Rust rocket or linter cosplay?

A security scanner as fast as a linter – written in Rust

Dev crowd split: lightning-fast scans thrill, skeptics say it’s just a linter in a cape

TLDR: Foxguard promises sub‑second security scans on your laptop, thrilling developers fed up with slow tools. The crowd is split: fans love the speed, while skeptics say it’s just a fast linter, question how accurate it is, and want bigger, better benchmarks to prove it matters.

Rust-powered newcomer foxguard burst in claiming security scans so fast you won’t notice—think 0.03 seconds instead of 10. That alone had tired developers cheering. One commenter basically said slow tools kept them away from scanning at all, and this feels like a breath of fresh air. The pitch: a tiny app you can run on every save, across 10 languages, with built‑in rules for common mistakes and a bridge to reuse your existing Semgrep rules. Translation for non‑devs: it’s like a spellchecker for code that screams through pages in a blink.

But oh boy, the comments lit up. Skeptics poked hard, calling it “as fast as a linter because it is a linter,” accusing foxguard of pattern-spotting rather than deep detective work. Another voice warned some checks look “brittle,” worrying it could be fooled by messy or intentionally tricky code. Others asked for receipts: bigger, real‑world benchmarks, and results that measure code size by lines, not just file counts. Meanwhile, accuracy hawks demanded clarity on false alarms—because speed means nothing if it yells wolf. Still, the hype is real: devs dream of instant security feedback without the coffee break. The meme of the day? A superhero linter in a Rust cape—is it a speed hero, or just cosplay?

Key Points

  • foxguard is a Rust-based local security scanner with 100+ built-in rules for 10 languages, designed to run in sub-second time locally.
  • It uses tree-sitter for AST parsing and rayon for parallelism, ships as a single native binary, and requires no network or rule downloads.
  • Supports a subset of Semgrep-compatible YAML for incremental adoption, and outputs to terminal, JSON, or SARIF for GitHub Code Scanning.
  • Benchmarks show 61x–482x speedups versus Semgrep (with cached rules) on several small-to-medium repositories.
  • Provides secrets scanning (e.g., AWS, GitHub/GitLab/Slack/Stripe tokens), VS Code integration, pre-commit hooks, and changed-file scanning; not intended as a full Semgrep/OpenGrep replacement.

Hottest takes

"Legitimately, I have had to stay away from certain linting tools because of how slow they are." — staticassertion
"it's 'as fast as a linter' because it is a linter." — yatac42
"Some of the checks here seem very brittle." — woodruffw
Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.