How does GauntletCI compare to SonarQube?

SonarQube analyzes the entire codebase on a schedule and requires a server, account, and network access. GauntletCI analyzes only the lines that changed in the current diff, runs entirely on the developer's machine in under one second, requires no account or cloud connection, and installs as a pre-commit hook. SonarQube is a full codebase quality platform; GauntletCI is a focused change-risk detector that runs before a commit is ever created.

How does GauntletCI compare to Semgrep?

Semgrep is a pattern-matching engine that scans files or the full codebase. GauntletCI scopes every rule to the changed diff, meaning it only flags risks introduced by the current change, not pre-existing issues in unchanged files. GauntletCI also includes incident correlation, local LLM enrichment, and baseline delta mode, which Semgrep does not offer. GauntletCI's free tier includes all rules with no account required.

How does GauntletCI compare to Snyk?

Snyk is primarily a dependency and container vulnerability scanner that requires cloud connectivity and a Snyk account. GauntletCI detects behavioral, structural, and security risks in first-party code changes, not dependency vulnerabilities, and runs 100% locally with no data transmitted. GauntletCI is suitable for air-gapped environments and organizations with strict data residency requirements; Snyk is not.

How does GauntletCI compare to CodeQL / GitHub Advanced Security?

CodeQL performs deep semantic analysis of the full codebase and requires compilation and significant compute time, typically minutes per run. GauntletCI analyzes only the changed diff in under one second with no compilation step, making it suitable as a pre-commit hook in the developer's local workflow. CodeQL is better for periodic deep security audits; GauntletCI is better for fast, continuous feedback on every commit.

How does GauntletCI compare to Code Climate?

Code Climate is a SaaS platform that analyzes full repositories for maintainability and test coverage trends over time. It requires uploading code to a cloud service. GauntletCI is fully local, diff-scoped, and focused on change risk rather than codebase health metrics. GauntletCI does not require a cloud account, never transmits code, and produces results in under one second, making it a complement to, not a replacement for, Code Climate's longitudinal reporting.

Does GauntletCI work in air-gapped or offline environments?

Yes. GauntletCI runs entirely on the local machine. No diff, finding, file path, or telemetry is transmitted. The optional local LLM enrichment feature (--with-llm) uses a locally hosted Ollama model, with no network call. This makes GauntletCI suitable for classified, regulated, or air-gapped environments where cloud-based analysis tools are prohibited.

What is baseline delta mode and do other tools offer it?

Baseline delta mode (gauntletci baseline capture) snapshots all current findings and suppresses them from future runs. Only net-new findings (risks introduced after the baseline) are reported. This eliminates alert fatigue from pre-existing issues in legacy codebases. SonarQube offers a similar 'new code' concept but requires server setup. Semgrep, Snyk, CodeQL, and Code Climate do not offer equivalent pre-commit baseline suppression.

How do I install GauntletCI?

Install GauntletCI as a .NET global tool: dotnet tool install -g GauntletCI. Requires .NET 8 or later.

How do I run my first analysis?

Run gauntletci analyze --staged to analyze staged changes before committing. You can also pipe a diff from stdin with git diff HEAD | gauntletci analyze, or point at a saved diff file with gauntletci analyze --diff changes.diff.

How do I install GauntletCI as a pre-commit hook?

Run gauntletci init inside your repository. The hook runs gauntletci analyze --staged automatically before every commit and blocks the commit with exit code 1 if blocking findings are detected.

Does GauntletCI require a cloud connection?

No. GauntletCI runs entirely on your local machine. All analysis is local and deterministic. No code or diff content is sent to any external service.

What does GauntletCI analyze?

GauntletCI reads the exact lines added and removed in your diff and evaluates them against 30+ deterministic rules. It flags behavior changes without test updates, breaking API changes, new exception paths, removed null guards, and hardcoded secrets.

Documentation

Getting Started

GauntletCI is a local-first change risk engine for C# and .NET. It analyzes pull request diffs to catch breaking changes and regressions before they merge, with no cloud connection required.

Install

$ dotnet tool install -g GauntletCI

Requires .NET 8 or later.

Run your first analysis

$ gauntletci analyze --staged

# Analyze your staged changes before committing

$ gauntletci analyze --diff pr.diff

# Analyze a saved diff file

$ git diff HEAD | gauntletci analyze

# Pipe a diff from stdin

Install as a pre-commit hook

Run this once inside your repository. GauntletCI will analyze your staged diff automatically before every commit.

$ gauntletci init

The hook runs gauntletci analyze --staged and exits with code 1 if findings are detected, blocking the commit.

What it analyzes

GauntletCI reads the exact lines added and removed in your diff and evaluates them against 20+ deterministic rules. It flags:

+Behavior changes without corresponding test updates
+Breaking public API or method signature changes
+New exception paths with no callers prepared to handle them
+Removed null guards or defensive checks
+Implicit dependency behavior shifts
+Hardcoded secrets and SQL injection risks

What it is not

GauntletCI is not a linter, formatter, test runner, or full-codebase static analysis replacement. It focuses on one question: did this diff introduce behavior that is no longer properly validated?

It runs alongside your existing tools; it does not replace them.

Next steps

CLI Reference

All commands and flags

Rule Library

All detection rules

Configuration

.gauntletci.json reference

CI/CD Integrations

GitHub Actions and more

Pricing

Free during beta - see licensing details