securescout-cli
Pre-commit security scanner by SecureScout. Catches hardcoded secrets, SQL injection patterns, and other critical issues in staged files before they're committed — locally, in milliseconds, no network required.
Install
npx -p securescout-cli securescout-setup
This installs Husky (if not already present) and wires SecureScout into your .husky/pre-commit hook. From then on, every git commit runs a scan automatically on staged files.
Connect your SecureScout account (optional)
If your organization uses SecureScout, generate a CLI API key from your dashboard under Settings → API Keys, then set it as an environment variable:
export SECURESCOUT_API_KEY="ssk_live_..."
This lets the CLI sync your organization's custom rules in the background. Without a key, the CLI still works fully using its built-in public ruleset.
How it works
- Critical/High severity findings (e.g. hardcoded AWS keys, API secrets) block the commit.
- Medium/Low severity findings (e.g. TODOs, debug logs) print as warnings but don't block.
- Detection rules are bundled for instant, offline-first scanning, and refresh in the background roughly once every 24 hours.
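The severity gating described above, sketched as an added example (not SecureScout's code or ruleset). The rule ids, patterns, severities and staged file contents are constructed for illustration.

```javascript
// Added illustration of severity gating; not SecureScout's code or ruleset.
// Rule ids, patterns and severities below are constructed for this example.
const RULES = [
  { id: 'aws-access-key-id', severity: 'critical', pattern: /\bAKIA[0-9A-Z]{16}\b/ },
  { id: 'sql-string-concat', severity: 'high',
    pattern: /\b(?:SELECT|INSERT|UPDATE|DELETE)\b[^;\n]*["'`]\s*\+/i },
  { id: 'debug-log', severity: 'medium', pattern: /\bconsole\.log\(/ },
  { id: 'todo', severity: 'low', pattern: /\bTODO\b/ },
];
const BLOCKING = new Set(['critical', 'high']);

// files: { path: stagedText }. A real hook would list paths with
// `git diff --cached --name-only` and read each blob with `git show :<path>`.
function scanStaged(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    text.split('\n').forEach((line, i) => {
      for (const rule of RULES) {
        if (rule.pattern.test(line)) {
          findings.push({ path, line: i + 1, rule: rule.id, severity: rule.severity });
        }
      }
    });
  }
  return findings;
}

// Critical/High findings yield a non-zero exit code, which makes git abort the commit.
function decide(findings) {
  const blocking = findings.filter((f) => BLOCKING.has(f.severity));
  const warnings = findings.filter((f) => !BLOCKING.has(f.severity));
  return { exitCode: blocking.length > 0 ? 1 : 0, blocking, warnings };
}

// Constructed staged content (the key is AWS's documented example value).
const SAMPLE = {
  'src/config.js': 'const key = "AKIAIOSFODNN7EXAMPLE";\n// TODO: move to env',
  'src/db.js': 'const q = "SELECT * FROM users WHERE id = \'" + id + "\'";\nconsole.log(q);',
};

const result = decide(scanStaged(SAMPLE));
for (const f of result.blocking) console.error(`BLOCK ${f.severity} ${f.rule} ${f.path}:${f.line}`);
for (const f of result.warnings) console.warn(`warn  ${f.severity} ${f.rule} ${f.path}:${f.line}`);
console.log(`hook exit code: ${result.exitCode}`);
```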
Bypass
In a hurry or hit a false positive? Use git's standard escape hatch:
git commit --no-verify
--no-verify skips the pre-commit hook entirely, so nothing in that commit is scanned.
License
Proprietary — SecureScout. Distributed via npm for ease of installation; not open source.