Automated code security
You built it.
We find the mistakes before hackers do.
VibeGuard AI scans your repositories and web apps for vulnerabilities, leaked secrets, and risky dependencies — explains every finding in plain English, and opens a pull request with the fix.
- No credit card required
- Free for public repos
- Results in under 2 minutes
Security score
acme/checkout-service
lib/payments.ts:14Built for teams that ship fast
Everything you need to ship secure apps
VibeGuard AI plugs into the workflow you already have — connect a repo, get a security score, and fix issues without leaving GitHub.
Full scanning pipeline
Semgrep, Gitleaks, Trivy, and dependency audits run on every push.
Secret detection
Catch leaked API keys and credentials before they ship.
Plain-English explanations
Every finding comes with a real-world attack example and a fix, no jargon.
Auto-generated pull requests
One click opens a PR with the fix, formatted to match your codebase.
AI explanations
Understand every vulnerability in plain English
No security background required. Each finding explains what's wrong, why it matters, and shows a real-world attack example alongside the technical detail.
- Plain-English + technical explanation for every finding
- Real-world attack scenario, not just a rule ID
- Mapped to OWASP Top 10, CWE, and CVE where applicable
api/users/route.tsIn plain English
This query builds SQL by pasting the search term directly into the string. Someone could type SQL instead of a search term and read or delete data they shouldn't have access to.
The fix
Use a parameterized query instead of string concatenation.
Auto-fix
Ship the fix as a pull request, not a to-do item
Click Generate Fix and VibeGuard AI edits only the files it needs to, preserving your formatting, then opens a PR your team reviews like any other change.
- Minimal, style-preserving diffs
- Every change explained in the PR description
- Copy, download, or open the PR directly from the dashboard
VibeGuard AI wants to merge 1 commit into main from vibeguard/fix-sql-injection
How it works
From push to patched in three steps
Connect a repository
Install the GitHub App and pick the repos you want watched.
We scan on every push
Semgrep, Gitleaks, Trivy, and dependency audits run automatically.
Review and merge the fix
Read the plain-English explanation and merge the auto-generated fix PR.
Plans & pricing
Choose the plan that fits your team
Every plan includes the full scanning pipeline and plain-English explanations. Upgrade for auto-fix pull requests and team features.
Free
$0/forever
For hobby projects and public repos.
- 3 repositories
- Weekly scans
- Plain-English explanations
- Community support
Pro
$29/per month
For indie hackers and solo founders shipping fast.
- Unlimited repositories
- Scan on every push
- AI patch generator + auto PRs
- Website scanner
- Email alerts
Team
$99/per month
For startup teams that need shared visibility.
- Everything in Pro
- Unlimited team members
- Organization roles & audit log
- Weekly security digest
- Priority support
Need SSO, custom retention, or an on-prem worker? Talk to us about Enterprise.
FAQ
Frequently asked questions
- Which repositories can VibeGuard AI scan?
- Any GitHub repository you install the VibeGuard AI GitHub App on. We support public and private repos across personal accounts and organizations.
- Do you store my source code?
- We clone into an isolated, ephemeral environment to run scans and delete it immediately after. Only findings, file paths, and the code snippets needed to explain an issue are persisted.
- Can VibeGuard AI scan a website I don’t own?
- No. Website scans require ownership verification (DNS TXT record, meta tag, or file upload) before any passive check runs, and we never perform intrusive testing.
- What happens when I click "Generate Fix"?
- The AI patch generator edits only the files needed to resolve the finding, preserving your formatting and style, and shows you a diff before anything is committed.
- Will opening a pull request break my CI?
- Fixes are opened as a normal pull request against a new branch — your existing CI and review process runs exactly as it would for a human contributor.
- Can I cancel anytime?
- Yes. Plans are month-to-month and you can downgrade or cancel from Billing at any time.
Ready to secure your next deploy?
Connect a repo and get your first security score in under two minutes.