Quick start
Run your first Snitch security scan in under a minute.
The fastest path: install the Plugin into the AI coding tool you already use, ask your AI to run a security audit, and read the findings.
1. Pick your tool
| You want to... | Use this |
|---|---|
| Audit a codebase from inside your AI editor | Plugin |
| Run scans from any terminal on your device | CLI |
| Scan every pull request automatically | GitHub Action |
2. Install
Plugin
Buy the Plugin once, get a one-line install command tied to your account. Drop it into Claude Code, Cursor, Codex, Windsurf, or any of the 30+ supported AI tools. The skill loads the 72-category methodology and sits ready.
CLI
Subscribe and download the binary from your dashboard. Run snitch scan in any repo. The CLI shells out to your locally installed Claude / Codex / Gemini, or uses an OpenRouter key you supply.
```bash
snitch scan
```
GitHub Action
Subscribe, paste a workflow YAML into .github/workflows/snitch.yml, push. The Action runs on every pull request out of the box.
```yaml
name: Snitch
on: pull_request
permissions:
  contents: read
  pull-requests: write
  models: read
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: snitchplugin/snitch-github-action@v1
        with:
          snitch-license-key: ${{ secrets.SNITCH_LICENSE_KEY }}
```
3. Read findings
Each finding has a severity (Critical / High / Medium / Low), a CWE reference, the exact file and line, the risk, and a suggested fix. The CLI and Action also write a SARIF file that uploads cleanly to GitHub Code Scanning.
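To triage a SARIF file outside the Code Scanning UI, the sketch below lists findings by severity, CWE, file and line, and selects the ones that should block a merge. It is an added example, not Snitch's own code: the sample document is constructed, the function names are hypothetical, and it assumes standard SARIF 2.1.0 fields plus the `security-severity` rule property and CodeQL-style CWE tags that GitHub Code Scanning understands, which Snitch's actual output may or may not use.

```python
import json

# Constructed SARIF 2.1.0 document for illustration; not real Snitch output.
SAMPLE = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "sql-injection",
         "properties": {"security-severity": "9.1", "tags": ["external/cwe/cwe-89"]}},
        {"id": "verbose-errors", "properties": {"tags": ["external/cwe/cwe-209"]}}]}},
    "results": [
        {"ruleId": "sql-injection", "level": "error", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "app/db.py"}, "region": {"startLine": 42}}}]},
        {"ruleId": "verbose-errors", "level": "warning", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "app/api.py"}, "region": {"startLine": 7}}}]},
        {"ruleId": "unlisted-rule", "level": "note"}]}]})

ORDER = ["low", "medium", "high", "critical"]
LEVEL_FALLBACK = {"error": "high", "warning": "medium", "note": "low"}

def severity(rule, result):
    """Band by the rule's security-severity score (CVSS-style); else use the SARIF level."""
    score = rule.get("properties", {}).get("security-severity")
    if score is None:
        return LEVEL_FALLBACK.get(result.get("level", "warning"), "low")
    s = float(score)
    return "critical" if s >= 9.0 else "high" if s >= 7.0 else "medium" if s >= 4.0 else "low"

def findings(sarif_text):
    out = []
    for run in json.loads(sarif_text).get("runs", []):
        rules = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})  # tolerate results with no rule metadata
            # Assumption: the CWE is carried as a rule tag such as external/cwe/cwe-89.
            tags = rule.get("properties", {}).get("tags", [])
            cwe = next((t.rsplit("/", 1)[-1].upper() for t in tags if "cwe-" in t.lower()), None)
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            out.append({"severity": severity(rule, res), "rule": res.get("ruleId"), "cwe": cwe,
                        "file": loc.get("artifactLocation", {}).get("uri"),
                        "line": loc.get("region", {}).get("startLine")})
    return out

def blocking(items, threshold="high"):
    """Findings at or above the threshold; a CI step would exit non-zero if any exist."""
    floor = ORDER.index(threshold)
    return [f for f in items if ORDER.index(f["severity"]) >= floor]

if __name__ == "__main__":
    for f in blocking(findings(SAMPLE)):
        print(f"{f['severity'].upper()} {f['cwe']} {f['file']}:{f['line']} ({f['rule']})")
```

Results without rule metadata or a location are kept rather than dropped, so a finding never disappears from the triage list just because the file is sparse.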