'Heimdall' scans your code for security flaws using Claude, Gemini, or any local AI you already have
Heimdall is a free, open-source tool that finds security flaws in your codebase by routing your files to whichever local AI tools you already have installed — Claude Code, Gemini CLI, Codex, or Opencode. You point it at a source folder, it sends the files to the AI, collects the findings, and produces a clean report in JSON, Markdown, or SARIF format. You can run multiple AI backends in parallel; Claude and Gemini often catch different issues, so combining them gives broader coverage.
A built-in step ensures the same problem is shown only once, whether two AI tools flagged it or it appeared in a previous scan. Everything stays on your local machine — no code is sent to external servers and no separate API keys are needed. It works across languages including JavaScript, Python, Go, Java, Rust, C#, and PHP.
Running `heimdall web` opens a local dashboard at port 4040 where you can browse past scan results and .
Key points
- Reuses local AI tools you already have — no extra API keys or cloud accounts needed
- Code never leaves your machine, making it safe for sensitive projects
- Running Claude and Gemini together catches more issues than either alone
- Built-in deduplication removes repeated findings across tools and across scan runs
- One-liner install via curl; web dashboard for browsing scan history at port 4040