VibeSec Frequently Asked Questions

VibeSec: AI-powered GitHub copilot that scans code in real time, detects vulnerabilities instantly, and suggests secure fixes—before threats strike.

FAQ from VibeSec

What is VibeSec?

VibeSec is a real-time GitHub-native security copilot that detects exploitable vulnerabilities *as they’re written*, not after they’re merged. Using AI-augmented static analysis and deep-code understanding, it delivers instant, fix-ready insights — turning security from a bottleneck into a built-in accelerator.

How to use VibeSec?

Grant scoped access to your GitHub account or org → select any repo (public or private) → click “Scan Now.” Within seconds, get a live vulnerability feed with severity-ranked findings, exploit context, and developer-validated patch suggestions — all without leaving your browser or installing CLI tools.

How does VibeSec scan my code?

VibeSec runs lightweight, encrypted AST-based analysis in-memory — never storing raw source code. It combines Semgrep’s precision pattern matching with fine-tuned security LLMs to detect *actionable* risks: secrets in plaintext, insecure crypto usage, SSRF vectors, and misconfigured permissions — all in real time.

Do you support private repositories?

Yes — securely. Your GitHub token grants read-only access *only* to selected repos. Code is analyzed in ephemeral, isolated containers and discarded immediately post-scan. No persistence. No backups. No third-party sharing.

What do I get in the Basic plan?

The Free tier includes unlimited real-time scans of public repos and up to 3 private repos per month — full vulnerability detection, risk scoring, and human-readable AI reports. Pro unlocks unlimited private repos, one-click secure patching, priority support, and CI/CD API access.

What does the AI report include?

Every report contains: (1) exact file + line number, (2) vulnerability class + MITRE ATT&CK mapping, (3) CVSS 4.0 severity score, (4) exploit scenario summary, (5) safe, tested code-level fix (with before/after diff), and (6) optional mitigation notes for DevOps or infra teams.

Can VibeSec automatically fix code?

Yes — with VibeSec Pro. “One-Click Fix” applies verified, deterministic patches directly to your GitHub branch via authenticated PR creation. Fixes are sandbox-tested, lint-validated, and annotated with security rationale — making remediation auditable, reversible, and safe.

How secure is my data?

VibeSec is SOC 2 Type I compliant. All code processing occurs in memory within AWS GovCloud-isolated environments. No source code is logged, cached, or retained beyond scan duration. We comply with GDPR, CCPA, and ISO/IEC 27001 standards — full transparency available in our Security Whitepaper.