Faultline

Open Source

The Faultline scanner is open source, Apache 2.0, and locally runnable.

The OSS scanner is not crippleware. It is the developer-controlled foundation for collecting source-free governance signals in Go-heavy environments.

github.com/faultline-go/faultline

View OSS on GitHub

Install

go install github.com/faultline-go/faultline/cmd/faultline@latest

Then run faultline scan ./... in any Go repository. No account required. Output stays local.

Developer-controlled proof

Inspect the scanner locally before Enterprise sees anything.

A Go developer can run the scanner, inspect HTML, JSON, SARIF, or snapshot output, and decide whether the metadata is useful before a platform rollout or source-free upload.

$ faultline scan ./... --format html --out faultline.html
html_report: faultline.htmlsarif_report: optional for code scanningsnapshot_json: optional Enterprise evidence inputnetwork_required: false unless upload flags are set

Free local capabilities

Useful before Enterprise is ever involved.

OSS scanner

  • Run locally without sending source code to Faultline
  • Inspect Go module and repository governance signals
  • Emit HTML, JSON, SARIF, and source-free snapshot outputs
  • Track ownership and policy evidence from developer-controlled environments
  • Use under Apache 2.0 without enterprise lock-in

Enterprise adds

  • Multi-repo governance dashboard
  • Organization accountability records and role-based operator access
  • Policy pack versioning and reviews
  • Dependency health and incident correlation
  • Verified weekly digest recipients
  • Slack and Jira accountability routing
  • Signed audit exports and retention controls
  • Self-hosted deployment options

Open-core contract

OSS is the scanner, not a teaser.

Faultline Enterprise adds dashboards, accountability records, auth, retention, signed evidence, and organization-scale governance. The scanner remains a local, Apache 2.0 tool for teams that want HTML, JSON, SARIF, and snapshot outputs without a platform rollout.

Try the scanner before you trust the platform. Inspect local output first, then upload a source-free snapshot only when the team wants portfolio governance evidence.

Find the continuity gaps your current tooling cannot prove away.

You may have findings, scanners, and tickets. Under scrutiny, that still may not prove governance continuity.

Start Free TrialBook Governance Review