Introduction to VibeGuard
VibeGuard is your automated security guard. It catches hardcoded secrets, SQL injections, and SSRF vulnerabilities in your AI-generated code before you deploy.
Why VibeGuard?
As AI code generation tools become increasingly prevalent, the speed of development has skyrocketed. However, AI models frequently generate code that contains subtle security vulnerabilities. VibeGuard acts as a lightweight, lightning-fast static analysis tool specifically tuned to catch the most common AI-generated flaws.
Key Features
- Secret Detection: Accurately identifies hardcoded API keys, passwords, and tokens.
- SQL Injection Prevention: Flags unsafe string concatenations in raw SQL queries.
- SSRF Defense: Detects unsafe HTTP requests and URL parsing vulnerabilities.
- Eval & Exec Monitoring: Warns about the usage of arbitrary code execution functions.
Quickstart
You can run VibeGuard instantly in any directory without installation using npx:
npx vibeguard-scan .
This command will recursively scan the current directory and output a detailed security report directly to your terminal.
Global Installation
If you prefer to have VibeGuard available at all times, you can install it globally via npm:
npm install -g vibeguard-scan
Next Steps
Once you're familiar with the basics, check out the Security Rules to understand exactly what VibeGuard is looking for, or learn how to set up continuous protection in the CI/CD Integration guide.