Documentation
Everything you need to get started with Doorman.
Quick Start: Want to jump right in? Get scanning in under a minute.
Doorman is a zero-config, local-first security scanner for AI-assisted development. One command scans your entire codebase across 11 languages with 2,508 rules, 4 detection engines, and 500+ auto-fixes. No account, no cloud, no data sent anywhere.
You don't need to be a security expert. These docs will get you scanning in under a minute.
Getting Started
Install, run your first scan, and understand the output in under 2 minutes.
CLI Reference
Complete reference for all 9 commands, options, and output formats.
Rule Reference
Browse 2,508 rules across 10 categories with search and filtering.
Detection Methodology
How our 4-layer detection engine (regex, taint, scope, AST) works.
CI/CD Integration
GitHub Actions, GitLab CI, SARIF upload, and pre-commit hooks.
Comparison
See how Doorman compares to Semgrep, SonarQube, Snyk, CodeQL, and more.
Quick Start
No install needed. Just run:
npx getdoorman check
That's it. Doorman detects your stack, scans your code, and shows every issue with the file and line number. Then tell your AI to fix them:
npx getdoorman fix critical
This generates a prompt you can paste into Claude, Codex, or Cursor. Or just say: "Run npx getdoorman check and fix the critical issues."