Open Source Security: Why We Publish Our Scan Engine
Transparency builds trust. Our scan engine is MIT licensed. Every detection rule, every test, every line of code is auditable.
The Trust Problem in Security
Security software asks for extraordinary access. It monitors your processes, reads your logs, inspects your network traffic, and scans your file system. You are giving it the keys to your kingdom.
How do you trust it?
With proprietary security tools, the answer is: you trust the vendor. You trust that their binaries do what they claim and nothing more. You trust that their cloud services handle your data responsibly. You trust that their detection logic is sound.
We think that is an unreasonable ask, especially for a security tool. So we open-sourced our scan engine.
What Is Open Source
The Panguard scan engine -- the core component that audits your server -- is MIT licensed and available on GitHub. Every detection rule, every test case, every line of code is auditable. You can read it, fork it, modify it, and contribute back.
This includes the 3,155 Sigma detection rules that power our rules engine. It includes the 5,895 YARA malware signatures. It includes the scanning logic for SSH configuration, open ports, file permissions, user accounts, and every other check the engine performs.
Why MIT License
We chose MIT because it is the most permissive common open-source license. You can use the scan engine in commercial products. You can modify it without publishing your changes. You can incorporate it into proprietary systems. No copyleft obligations, no license compatibility concerns.
For a security tool, this matters. Companies with strict open-source policies can adopt it without legal review. Developers can integrate it into CI/CD pipelines without license concerns. Researchers can use it in academic work without restrictions.
What Stays Proprietary
Open source does not mean everything is free. The scan engine is open. The real-time monitoring agent (Guard), the conversational AI interface (Chat), the honeypot system (Trap), and the compliance reporting platform (Report) are proprietary products.
This is the open-core model. The foundational scanning capability is free and open. The products that build on it -- continuous monitoring, automated response, threat intelligence, compliance automation -- are commercial. This lets us sustain development while ensuring the baseline tool remains accessible to everyone.
Community Contributions
Open sourcing the scan engine is not just about transparency. It is about collective intelligence. Security researchers worldwide can contribute detection rules based on threats they observe in the field, and the community has already begun doing so. Every contribution strengthens the detection capability for every user. That is the power of open-source security -- the collective observation capability of the global security community, packaged into a tool anyone can run.
Try It
The scan engine requires no account, no API key, and no installation footprint. One command, 60 seconds, and you have a comprehensive security audit of your server:
curl -fsSL https://get.panguard.ai/scan | bash
Read the source code. Audit the detection rules. Run it in a sandbox first if you prefer. That is the whole point -- you do not have to trust us. You can verify.