About The HorizonSec Project

The story behind our mission to democratize application security

The Story Behind HorizonSec

Security reviews are stressful. You've built something you're proud of, only to have a security team return with a lengthy report of issues you didn't even know you were supposed to address. The requirements were there all along—hidden in compliance frameworks, buried in best-practice guides, or simply assumed as common knowledge.

The HorizonSec Project was born from this frustration.

We're a group of builders who've been on both sides of the security equation. We've shipped code and run security reviews. We've celebrated launches and scrambled to patch vulnerabilities. Through it all, we kept asking the same question: Why does security have to be so hard?

The answer, we realized, isn't that security is inherently difficult—it's that the tools, processes, and culture around security haven't caught up with modern development practices. Security still operates like a gate at the end of the process, rather than a partner throughout the journey.

So we decided to build something different.

Meet the Founders

The builders behind The HorizonSec Project

E

Elijah

Co-Founder & Technical Lead

Full-stack developer with a passion for security automation. Experienced in building scalable systems and CI/CD pipelines. Believes that security should be seamlessly integrated into the development workflow, not bolted on as an afterthought.

Security Automation DevOps System Architecture
Z

Zach

Co-Founder & Product Lead

Product strategist and developer advocate with extensive experience in open-source ecosystems. Focused on creating developer tools that actually solve real problems. Champions the builder-first approach to security tooling.

Product Strategy Developer Experience Open Source
M

Mohib

Co-Founder & Security Lead

Security engineer and researcher with deep expertise in application security and threat modeling. Advocates for transparent, explainable security tools that empower developers rather than mystify them. Leads the technical security vision for all HorizonSec modules.

Application Security Threat Modeling Static Analysis
J

Joe

Co-Founder & Community Lead

Developer relations expert and community builder with a track record of growing engaged, supportive tech communities. Ensures that HorizonSec remains accessible to builders of all backgrounds and experience levels. Drives community-driven development and feedback loops.

Community Building Developer Relations Technical Writing

Our Shared Vision

We come from different backgrounds but share a common belief: security shouldn't be a black box that only specialists can understand. By combining our expertise in development, product strategy, security research, and community building, we're creating tools that make security accessible, transparent, and actionable for every builder.

What We're Building

The HorizonSec Project is an open-source security framework designed for the way builders actually work. It's not a single tool, but a collection of modular, composable security services that integrate directly into your development workflow.

Core Principles

1. Security Where You Are

We meet you in your environment—your IDE, your CI/CD pipeline, your deployment platform. Security testing happens where and when you need it, not as an external audit after the fact.

2. Transparency Over Obscurity

Every finding includes clear explanations, specific remediation guidance, and links to relevant documentation. No cryptic error codes, no vague "security concerns," no black-box scoring algorithms.

3. Modular by Design

Use what you need. ARTEMIS for static analysis? Great. The full suite with GAIA orchestration? Even better. Each module works independently and integrates seamlessly with the others.

4. Built for All Builders

Whether you're a solo developer building a weekend project or part of a 200-person engineering team, HorizonSec scales to your needs. No enterprise licensing, no feature gating, no complexity you don't need.

The Framework

🌍

GAIA Framework

The orchestration layer that manages security workflows, aggregates results from all modules, and provides a unified dashboard and API for security insights across your entire application stack.

Think of it as: Your security command center

🌱

DEMETER Infrastructure Scan

Scans cloud configurations, infrastructure-as-code (Terraform, CloudFormation, Kubernetes manifests), and network policies for misconfigurations and vulnerabilities.

Think of it as: Your infrastructure security auditor

💀

HADES Endpoint Security

Monitors running applications, containers, and services for behavioral anomalies, policy violations, and runtime threats. Integrates with container orchestration platforms and service meshes.

Think of it as: Your runtime security guardian

🏹

ARTEMIS Static Code Analysis

Analyzes source code for vulnerabilities, security anti-patterns, and dependency risks. Supports multiple languages and integrates with version control and CI/CD systems.

Think of it as: Your code security reviewer

What Makes Us Different

Open Source, Really Open

MIT licensed with no strings attached. No "community edition" with limited features. No bait-and-switch to enterprise versions. Everything we build is free, open, and available to everyone.

Microservices Architecture

Unlike monolithic security platforms, each HorizonSec module is an independent service. Deploy one, deploy all, or integrate individual components into your existing security stack.

Ephemeral Security Sandboxes

We leverage ephemeral environments in your CI/CD pipeline to perform comprehensive security testing without affecting development velocity or production systems.

Multi-Cloud Native

Designed from the ground up to work across AWS, GCP, Azure, and on-premises environments. No vendor lock-in, no cloud-specific assumptions.

CLI-First Philosophy

Every module provides a robust CLI for local development, scripting, and custom automation. We also offer importable libraries and SDKs for deeper integration.

Actionable, Not Noisy

We prioritize signal over noise. Our tools focus on high-confidence findings with clear remediation paths, reducing alert fatigue and false positives.

The Community

The HorizonSec Project thrives because of its community. We're more than just code—we're a group of builders, security practitioners, and open-source enthusiasts who believe security should be accessible to everyone.

🌟 Open Development

All work happens in the open on GitHub. Roadmaps, issues, and discussions are public.

📝 RFC Process

Major decisions are made through Request for Comments (RFCs) with community input.

🤝 Inclusive Contribution

We welcome contributions of all kinds—code, documentation, bug reports, feature ideas, and community support.

⚡ Responsive Governance

Four founders provide initial direction, but the project evolves based on community needs and feedback.

Built by Builders, for Builders

The HorizonSec Project is led by four founders who understand the challenges builders face because we've lived them. But this isn't just our project—it's a community effort. Every line of code, every feature, and every decision is made with one goal: making security accessible and transparent for everyone who builds software.

Join Our Community View on GitHub