Threat modeling
at the speed of code.
Continuous threat modeling with AI. Embed security intent directly in your source and synchronize your threat model with every commit, enforced in CI.
GuardLink v1.1.0
guardlink
Grade: D · 16 open exposures
6 high · 8 medium · 2 low
7 assets · 12 threats
12 controls · 128 ann
AI: openai/o4-mini
Top threats
#info-disclosure x4
#ssrf x2
#prompt-injection x2
Quick start
/init Initialize project
/exposures List by severity
/files Browse files
/show <n> Detail + code
/threat-report AI threat report
GuardLink CLI · /help for commands · /gal for annotation guide · Ctrl+C to exit.
>/
/init Initialize project
/parse Parse annotations
/status Risk grade + stats
/validate Syntax + ref checks
/exposures List open exposures
/show <n> Detail + code context
/scan Coverage scanner
/assets Asset tree
/files Annotated file tree
/view <file> File annotations + code
/threat-report AI threat report
/threat-reports List saved reports
/annotate Launch coding agent
/model Set AI provider
/report Generate reports
/dashboard HTML dashboard
/diff [ref] Compare vs git ref
/sarif Export SARIF
/gal GAL annotation guide
/help Full help
/quit Exit GuardLink CLI
Introducing GAL
Simple, declarative security.
GuardLink is powered by GAL (GuardLink Annotation Language) — a universal grammar for security intent. It's language-agnostic and human-readable, making security reviews a natural part of your PR workflow.
Zero runtime overhead
Works with any language
auth.ts
// @asset App.API (#api)
// @threat SQL_Injection (#sqli) [critical]
function getUser(id) {
  // @mitigates #api against #sqli
  const query = "SELECT * FROM users...";
}
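The following added example, which is not GuardLink's own parser, reads the three annotation forms shown in auth.ts above and reports any @mitigates line whose #id was never declared, the kind of reference check listed under /validate. The function names and the #xss line in the sample are assumptions made for this example; the full GAL grammar is not shown on this page.

```javascript
// Added example: reads only the three annotation forms shown on this page.
// Not GuardLink's parser; parseGal and checkRefs are hypothetical names.
const PATTERNS = new Map([
  ["asset", /^@asset\s+(\S+)\s+\((#[\w-]+)\)/], // @asset App.API (#api)
  ["threat", /^@threat\s+(\S+)\s+\((#[\w-]+)\)(?:\s+\[(\w+)\])?/], // ... (#sqli) [critical]
  ["mitigates", /^@mitigates\s+(#[\w-]+)\s+against\s+(#[\w-]+)/], // #api against #sqli
]);

function parseGal(source) {
  const model = { assets: {}, threats: {}, mitigations: [], skipped: [], errors: [] };
  source.split(/\r?\n/).forEach((text, i) => {
    const line = i + 1;
    // Consider only text that follows a // comment marker.
    const c = text.match(/\/\/\s*@(\w+)(.*)$/);
    if (!c) return;
    const verb = c[1];
    const pattern = PATTERNS.get(verb);
    // Verbs outside the three forms above are recorded, not judged.
    if (!pattern) { model.skipped.push({ line, verb }); return; }
    const f = ("@" + verb + c[2]).match(pattern);
    if (!f) { model.errors.push(`line ${line}: malformed @${verb}`); return; }
    if (verb === "asset") model.assets[f[2]] = { name: f[1], line };
    else if (verb === "threat") model.threats[f[2]] = { name: f[1], severity: f[3] || null, line };
    else model.mitigations.push({ asset: f[1], threat: f[2], line });
  });
  return model;
}

// Every #id used by @mitigates must have been declared by @asset or @threat.
function checkRefs(model) {
  const problems = [];
  for (const m of model.mitigations) {
    if (!model.assets[m.asset]) problems.push(`line ${m.line}: undeclared asset ${m.asset}`);
    if (!model.threats[m.threat]) problems.push(`line ${m.line}: undeclared threat ${m.threat}`);
  }
  return problems;
}

// Constructed sample: the page's auth.ts plus one dangling reference (#xss).
const SAMPLE = [
  "// @asset App.API (#api)",
  "// @threat SQL_Injection (#sqli) [critical]",
  "function getUser(id) {",
  "  // @mitigates #api against #sqli",
  '  const query = "SELECT * FROM users...";',
  "  // @mitigates #api against #xss",
  "}",
].join("\n");
console.log(checkRefs(parseGal(SAMPLE)));
```

Run against a real file, a non-empty result from `checkRefs` or a non-empty `errors` list is the signal to fail the CI step.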