GitHub Repository

Valk Guard scans raw SQL plus application code and catches risky queries before they merge. It parses real source code, synthesizes SQL from supported ORM/query-builder patterns, runs PostgreSQL-aware checks, and can post findings directly into pull requests.

37 stars · Go

Valk Guard – Catches dangerous SQL hidden inside your ORM, no DB required

by valkdb · May 4, 2026 · 3 points · 0 comments

AI Analysis

●●● Banger · Solve My Problem · Big Brain · Ship It

Lints ORM chains for dangerous SQL without a DB connection, outperforming SQLFluff on ORMs.

Strengths
  • AST synthesis actually catches ORM-generated SQL that standard regex linters miss entirely.
  • Zero database dependency means CI scans run instantly without needing connection strings.
  • Supports Goqu and SQLAlchemy, covering major pain points for Go and Python.
Weaknesses
  • PostgreSQL-only parser excludes MySQL and SQLite users from adopting this tool today.
  • Limited language support beyond Go and Python excludes Node or Ruby teams.
Target Audience

Backend developers

Similar To

SQLFluff · Semgrep · SonarQube
