VibeGuard AI

Automated code security

You built it.
We find the mistakes before hackers do.

VibeGuard AI scans your repositories and web apps for vulnerabilities, leaked secrets, and risky dependencies — explains every finding in plain English, and opens a pull request with the fix.

  • No credit card required
  • Free for public repos
  • Results in under 2 minutes

Security score

acme/checkout-service

Scanned 2m ago
87
Critical
0
High
2
Medium
5
Low
8
Hardcoded Stripe secret key found in lib/payments.ts:14

Built for teams that ship fast

Everything you need to ship secure apps

VibeGuard AI plugs into the workflow you already have — connect a repo, get a security score, and fix issues without leaving GitHub.

Full scanning pipeline

Semgrep, Gitleaks, Trivy, and dependency audits run on every push.

Secret detection

Catch leaked API keys and credentials before they ship.

Plain-English explanations

Every finding comes with a real-world attack example and a fix, no jargon.

Auto-generated pull requests

One click opens a PR with the fix, formatted to match your codebase.

AI explanations

Understand every vulnerability in plain English

No security background required. Each finding explains what's wrong, why it matters, and shows a real-world attack example alongside the technical detail.

  • Plain-English + technical explanation for every finding
  • Real-world attack scenario, not just a rule ID
  • Mapped to OWASP Top 10, CWE, and CVE where applicable
SQL Injection in api/users/route.ts

In plain English

This query builds SQL by pasting the search term directly into the string. Someone could type SQL instead of a search term and read or delete data they shouldn't have access to.

The fix

Use a parameterized query instead of string concatenation.

OWASP A03:2021CWE-89

Auto-fix

Ship the fix as a pull request, not a to-do item

Click Generate Fix and VibeGuard AI edits only the files it needs to, preserving your formatting, then opens a PR your team reviews like any other change.

  • Minimal, style-preserving diffs
  • Every change explained in the PR description
  • Copy, download, or open the PR directly from the dashboard
fix: use parameterized query in users route

VibeGuard AI wants to merge 1 commit into main from vibeguard/fix-sql-injection

api/users/route.ts
db.query(`SELECT * FROM users WHERE name = '${q}'`)
db.query('SELECT * FROM users WHERE name = $1', [q])
Checks passingMerge pull request

How it works

From push to patched in three steps

1

Connect a repository

Install the GitHub App and pick the repos you want watched.

2

We scan on every push

Semgrep, Gitleaks, Trivy, and dependency audits run automatically.

3

Review and merge the fix

Read the plain-English explanation and merge the auto-generated fix PR.

Plans & pricing

Choose the plan that fits your team

Every plan includes the full scanning pipeline and plain-English explanations. Upgrade for auto-fix pull requests and team features.

Free

$0/forever

For hobby projects and public repos.

  • 3 repositories
  • Weekly scans
  • Plain-English explanations
  • Community support
Start for free

Pro

$29/per month

For indie hackers and solo founders shipping fast.

  • Unlimited repositories
  • Scan on every push
  • AI patch generator + auto PRs
  • Website scanner
  • Email alerts
Start free trial

Team

$99/per month

For startup teams that need shared visibility.

  • Everything in Pro
  • Unlimited team members
  • Organization roles & audit log
  • Weekly security digest
  • Priority support
Start free trial

Need SSO, custom retention, or an on-prem worker? Talk to us about Enterprise.

FAQ

Frequently asked questions

Which repositories can VibeGuard AI scan?
Any GitHub repository you install the VibeGuard AI GitHub App on. We support public and private repos across personal accounts and organizations.
Do you store my source code?
We clone into an isolated, ephemeral environment to run scans and delete it immediately after. Only findings, file paths, and the code snippets needed to explain an issue are persisted.
Can VibeGuard AI scan a website I don’t own?
No. Website scans require ownership verification (DNS TXT record, meta tag, or file upload) before any passive check runs, and we never perform intrusive testing.
What happens when I click "Generate Fix"?
The AI patch generator edits only the files needed to resolve the finding, preserving your formatting and style, and shows you a diff before anything is committed.
Will opening a pull request break my CI?
Fixes are opened as a normal pull request against a new branch — your existing CI and review process runs exactly as it would for a human contributor.
Can I cancel anytime?
Yes. Plans are month-to-month and you can downgrade or cancel from Billing at any time.

Ready to secure your next deploy?

Connect a repo and get your first security score in under two minutes.