CI/CD Integration
Automate your security posture by injecting VibeGuard into your Git hooks and GitHub Actions workflows.
Git Pre-Commit Hook
You can block dangerous commits that contain security issues before they ever leave your local machine.
    npx vibeguard-scan hook install

This will install a standard Git pre-commit hook that runs VibeGuard on staged files. If the code safety score drops below your configured threshold, the commit is aborted.
GitHub Actions (SARIF Output)
VibeGuard can output directly to SARIF format, which integrates seamlessly into GitHub's built-in Code Scanning alerts. Add .github/workflows/vibeguard.yml to your project so VibeGuard comments directly on your Pull Requests:
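    name: VibeGuard Security Scan
    on: [push, pull_request]
    jobs:
      scan:
        runs-on: ubuntu-latest
        # upload-sarif needs write access to code scanning alerts; once any
        # permission is set, the rest default to none, so checkout needs contents: read.
        permissions:
          contents: read
          security-events: write
        steps:
          - uses: actions/checkout@v4
          - uses: actions/setup-node@v4
            with:
              node-version: 20
          - run: npm ci
          # Write the scan results as SARIF for the upload step below.
          - run: npx vibeguard-scan scan . --format sarif > vibeguard-results.sarif
          - name: Upload SARIF to GitHub
            uses: github/codeql-action/upload-sarif@v3
            with:
              sarif_file: vibeguard-results.sarif

Your Vibe Code Safety Score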
When running in CI/CD, you can assert against the 0-100 safety score to conditionally fail the build:
- 🟢 90–100 — Excellent. Your code looks clean.
- 🟡 70–89 — Good. Minor suggestions only.
- 🟠 50–69 — Needs work. Some risks found.
- 🔴 0–49 — Critical. Fix before shipping!
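
One way to fail a build on the contents of the vibeguard-results.sarif file the workflow above writes, as an added example that is not VibeGuard's own code. It gates on standard SARIF 2.1.0 result levels rather than on the 0-100 score, and fails closed when the file is empty or unparseable. The function names, the sarif-gate.js file name and the sample document are assumptions constructed for illustration.

```javascript
// Added example (not VibeGuard code); function names and SAMPLE are constructed.
const SEVERITY = new Map([['none', 0], ['note', 1], ['warning', 2], ['error', 3]]);

// Results at or above `failOn`; a result without `level` counts as "warning".
function findBlocking(sarif, failOn = 'error') {
  if (!SEVERITY.has(failOn)) throw new Error(`unknown level: ${failOn}`);
  if (!sarif || !Array.isArray(sarif.runs)) throw new Error('missing runs[]');
  const blocking = [];
  for (const run of sarif.runs) {
    for (const r of run.results ?? []) {
      const level = r.level ?? 'warning';
      if ((SEVERITY.get(level) ?? 2) < SEVERITY.get(failOn)) continue;
      const loc = r.locations?.[0]?.physicalLocation;
      blocking.push({ ruleId: r.ruleId ?? '(none)', level,
        file: loc?.artifactLocation?.uri ?? '(unknown)',
        line: loc?.region?.startLine ?? 0, message: r.message?.text ?? '' });
    }
  }
  return blocking;
}

// Fail closed: an empty or truncated file (the shell redirect creates the file
// even if the scanner crashes) must not pass the gate.
function gate(text, failOn = 'error') {
  try {
    const blocking = findBlocking(JSON.parse(text), failOn);
    return { ok: blocking.length === 0, blocking,
      reason: `${blocking.length} result(s) at or above "${failOn}"` };
  } catch (err) {
    return { ok: false, blocking: [], reason: `failed closed: ${err.message}` };
  }
}

const SAMPLE = JSON.stringify({ version: '2.1.0', runs: [{
  tool: { driver: { name: 'example-scanner' } },
  results: [
    { ruleId: 'EX001', level: 'error', message: { text: 'hardcoded secret' },
      locations: [{ physicalLocation: { artifactLocation: { uri: 'src/config.js' },
        region: { startLine: 12 } } }] },
    { ruleId: 'EX002', message: { text: 'unvalidated input' } }, // no level
    { ruleId: 'EX003', level: 'note', message: { text: 'unused variable' } },
  ] }] });
// CI usage: node sarif-gate.js vibeguard-results.sarif [failOn]
async function main(file, failOn) {
  const { readFile } = await import('node:fs/promises');
  const verdict = gate(await readFile(file, 'utf8').catch(() => ''), failOn);
  for (const b of verdict.blocking) console.error(`${b.level} ${b.ruleId} ${b.file}:${b.line} ${b.message}`);
  console.error(verdict.reason);
  process.exitCode = verdict.ok ? 0 : 1;
}
if ((process.argv[2] ?? '').endsWith('.sarif')) main(process.argv[2], process.argv[3]);
```

Run it as a step after the scan; a non-zero exit code fails the job.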