Snitch Docs

CLI

Run Snitch from any terminal on your laptop. Bring your own AI key.

The Snitch CLI is a binary you install on your laptop. Run snitch scan from any repo and you get a markdown report and a SARIF file. Methodology refreshes on every scan, so new categories land the day we ship them.

Install

Subscribe and download the binary from your dashboard. The CLI works on macOS, Linux, and Windows.

snitch scan

Providers

The CLI runs on an AI provider you bring yourself:

  • Local subprocess (default): if you have Claude Code, Codex, or Gemini installed and configured, the CLI shells out to them. No API key needed.
  • OpenRouter: pass --provider openrouter and an OPENROUTER_API_KEY env var.
  • Anthropic / OpenAI / Google direct: same pattern with the respective API key.

The CLI never sends your source code to snitchplugin.com. The license check, the methodology download, and per-scan metadata go to our servers. Inference happens locally or against your provider directly.

Output

By default the CLI writes:

  • SECURITY_AUDIT_REPORT.md — human-readable markdown
  • SECURITY_AUDIT_REPORT.sarif — SARIF 2.1.0 for GitHub Code Scanning, etc.

Customize paths with --markdown-output-path and --sarif-output-path.
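To see what the SARIF file holds before it is uploaded to Code Scanning, here is an added Python example (not Snitch's own code) that summarises results by level and rule using only standard SARIF 2.1.0 fields. The sample document, tool name, rule ids and file paths are constructed; the gate uses SARIF result levels, not Snitch's `--fail-on` severities.

```python
# Added example, not Snitch's own code: summarise a SARIF 2.1.0 file such as
# SECURITY_AUDIT_REPORT.sarif before upload and decide whether a CI job should fail.
import json
from collections import Counter

# Constructed sample in SARIF 2.1.0 shape; tool name, rule ids and paths are made up.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner"}},
    "results": [
        {"ruleId": "EX001", "level": "error", "message": {"text": "Hard-coded credential"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/db.ts"},
                                             "region": {"startLine": 12}}}]},
        {"ruleId": "EX002", "level": "warning", "message": {"text": "Unvalidated redirect"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/auth.ts"},
                                             "region": {"startLine": 40}}}]},
        {"ruleId": "EX001", "level": "error", "message": {"text": "Hard-coded credential"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cfg.ts"},
                                             "region": {"startLine": 3}}}]},
    ]}]})

# SARIF 2.1.0 result levels, ordered by severity.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

def summarize_sarif(text):
    """Return (count per level, count per ruleId, ['uri:line ruleId', ...])."""
    doc = json.loads(text)
    if doc.get("version") != "2.1.0":
        raise ValueError("expected SARIF 2.1.0")
    by_level, by_rule, locations = Counter(), Counter(), []
    for run in doc.get("runs", []):
        for res in run.get("results", []):
            level = res.get("level", "warning")  # spec default when absent
            by_level[level] += 1
            by_rule[res.get("ruleId", "?")] += 1
            for loc in res.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "?")
                line = phys.get("region", {}).get("startLine", 0)
                locations.append(f"{uri}:{line} {res.get('ruleId', '?')}")
    return by_level, by_rule, locations

def should_fail(by_level, threshold="error"):
    """CI gate: True if any result is at or above the threshold level."""
    return any(n and LEVEL_RANK.get(lvl, 0) >= LEVEL_RANK[threshold]
               for lvl, n in by_level.items())
```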

Common flags

snitch scan                              # default flow
snitch scan --paths "src/**/*.ts"        # filter by glob
snitch scan --categories 1,2,5           # restrict to specific categories
snitch scan --batch-size 10              # tune AI batch size
snitch scan --fail-on critical           # exit non-zero on critical findings

See pricing for plans.

Snitch uses AI to generate findings. AI can make mistakes, miss issues, or flag false positives, even with guardrails. Snitch is not responsible for actions taken based on AI output. Read the full AI disclaimer.