Why build another scanner in 2026? We wanted to improve some of our detection outcomes but noticed the current open source scanners like Semgrep/Opengrep we're capped by a bunch of adoption limitations such as being written in OCaml, requiring a lot of work to add a language parser, and the rulesets were licensed differently and required paid offerings. It also felt that licensing was moving backwards rather than forward.
We wanted something that was very fast, was easily extensible and had a great set of rules that we could use. This led us to using Rust and Tree-sitter since they are both fast and have great community adoption making extending Sighthound natural.
We wanted it to focus on source-code vulnerability classes like Sql Injection, and Xss. We haven't yet done any secrets scanning as there are a lot of great options in the market at the moment. Right now, Sighthound supports Python, JS/TS, Java, Go, C#, HTML, PHP and Ruby.
We still have a lot of work to do so, we'd love for your feedback, and contributions in however they come from adding new languages, new rules or bug fixes.