Getting
started.

Installation

Buy the standalone plugin at /plugin, download the ZIP, unzip, and run install.sh (macOS/Linux) or install.ps1 (Windows). The installer auto-detects your AI tools and copies files to the right place.

Usage

Tell your AI tool: "run a security audit." Snitch presents a scan selection menu with options including Quick Scan, Web Security, Compliance, and Full System Scan.

Categories

68 security categories covering OWASP Top 10:2025, API Security:2023, and LLM:2025. Each category has detection patterns, context checks, and false positive prevention rules.

Custom Rules

Add organization-specific patterns by dropping markdown files in the custom-rules/ directory.

Exports

After scanning, export findings as SARIF 2.1.0 (GitHub Security tab), CSV (spreadsheets), or create tickets in Jira, Linear, and GitHub Issues.

False Positives

Suppress findings with // snitch-ignore-next-line CWE-XXX inline, /* snitch-ignore-file */ at the top, or a .snitch-ignore file in your project root.

Pre-commit Hook

Copy hooks/pre-commit.sh to .git/hooks/pre-commit to auto-scan staged files before each commit.

CI/CD

GitHub Actions, GitLab CI, Bitbucket Pipelines, Azure DevOps, and Jenkins configs included.