I built VibeGuard, a lightweight GitHub security scanner designed for indie developers, small teams, and people using platforms like VibeCode, Retool, or no-code tools that rely on custom scripts or API integrations.
VibeGuard helps catch basic security issues that are easy to miss when you're moving fast: things like exposed secrets, misconfigured auth flows, unsafe headers, or outdated libraries.
You paste in a GitHub repo (public or private), and it gives you a readable report with the most important findings. It doesn't require any setup, installs, or integrations—just paste and scan.
Why I built it:
After shipping a few projects myself, I realized how easy it is to forget something small that could turn into a big problem later. I didn’t want to set up a full security pipeline, but I still wanted peace of mind. VibeGuard is a middle ground: a simple tool to catch the obvious stuff before it bites you.
How it works:
Uses a mix of pattern-based checks and lightweight language models
Flags secrets, insecure API usage, weak auth, and other common issues
Supports JS, TS, Python, and plaintext scanning for now
Public scans don’t require login; private repo scans use GitHub OAuth
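As an added illustration of what a pattern-based secrets check looks like in practice (example code written for this page, not VibeGuard's own rules or implementation), the script below runs a few regex rules over an in-memory "repository" and uses a Shannon-entropy cut-off to skip obvious placeholders. The rule names, the 3.5-bit threshold, the sample files and every key-like value in them are constructed assumptions; the AWS key uses the placeholder from AWS's own documentation.

```python
import math
import re
from collections import Counter

# Hypothetical rule set, constructed for this example (not VibeGuard's patterns).
# The AWS and GitHub prefixes follow the publicly documented token formats.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # Generic `name = "value"` assignments; the value must be 12+ chars and is entropy-checked.
    "hardcoded_credential": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{12,})['\"]"
    ),
}
ENTROPY_THRESHOLD = 3.5  # bits per character; a constructed cut-off, tune it for your code base


def shannon_entropy(value):
    """Bits per character: random-looking strings score higher than words."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def redact(value, keep=4):
    """Keep a short prefix so a finding is recognisable without reprinting the secret."""
    return value[:keep] + "*" * max(len(value) - keep, 0)


def scan_file(path, text):
    """Return one finding dict per (line, rule) hit in a single file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match is None:
                continue
            value = match.group(1) if match.groups() else match.group(0)
            # Placeholders such as "changeme" have low entropy; skipping them cuts noise.
            if rule == "hardcoded_credential" and shannon_entropy(value) < ENTROPY_THRESHOLD:
                continue
            shown = value if rule == "private_key_block" else redact(value)
            findings.append({"file": path, "line": lineno, "rule": rule, "match": shown})
    return findings


def scan_repo(files):
    """files: mapping of path -> content, standing in for a checked-out repository."""
    findings = []
    for path in sorted(files):
        findings.extend(scan_file(path, files[path]))
    return findings


# Constructed sample "repository"; every value is made up or a documented placeholder.
SAMPLE_REPO = {
    "config.js": (
        'const API_KEY = "x7Qp9Lm2Vt4Rz8Kw1Hd6Jn3Bs5Fg0Yc";\n'  # random-looking: flagged
        'const PASSWORD = "changeme-changeme";\n'               # low entropy: skipped
        'const TOKEN = process.env.API_TOKEN;\n'                # read from env: not a literal
    ),
    "deploy.py": (
        "AWS_KEY = 'AKIAIOSFODNN7EXAMPLE'\n"  # AWS documentation placeholder key id
        "token = os.environ['GH_TOKEN']\n"    # not a literal, must not fire
    ),
    "keys/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...constructed...\n",
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        print(f"{f['file']}:{f['line']} [{f['rule']}] {f['match']}")
```

Run as-is it reports three findings (the API key in config.js, the AWS key id in deploy.py and the committed private key) and stays quiet on the placeholder password and the two values read from the environment. The entropy gate is deliberately crude: long human-readable strings can still cross it, so a real rule set pairs it with an allow-list of known test fixtures and with rules keyed to documented token prefixes, which need no entropy check at all.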
What’s missing (for now):
No CI/CD integration yet
No support for compiled or container-based analysis
No self-hosted version, though it’s something I’d like to build for teams
It’s free to use during beta, and I’d really appreciate your feedback. I’d love to hear what’s helpful, what’s missing, or whether you’d actually use this as part of your workflow.
Thanks for checking it out!