FAQ from VibeSec
What is VibeSec?
VibeSec is a real-time GitHub-native security copilot that detects exploitable vulnerabilities *as they’re written*, not after they’re merged. Using AI-augmented static analysis and deep-code understanding, it delivers instant, fix-ready insights — turning security from a bottleneck into a built-in accelerator.
How to use VibeSec?
Grant scoped access to your GitHub account or org → select any repo (public or private) → click “Scan Now.” Within seconds, get a live vulnerability feed with severity-ranked findings, exploit context, and developer-validated patch suggestions — all without leaving your browser or installing CLI tools.
How does VibeSec scan my code?
VibeSec runs lightweight, encrypted AST-based analysis in-memory — never storing raw source code. It combines Semgrep’s precision pattern matching with fine-tuned security LLMs to detect *actionable* risks: secrets in plaintext, insecure crypto usage, SSRF vectors, and misconfigured permissions — all in real time.
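To make the "AST-based analysis" idea concrete, here is a small scanner added as an illustration; it is not VibeSec's code and says nothing about how VibeSec or Semgrep are implemented. It walks a Python syntax tree with the standard `ast` module and flags three of the risk classes named above: a string literal assigned to a secret-looking name, `hashlib.md5`/`hashlib.sha1` calls, and an `os.chmod` with a world-writable mode. The sample source it scans (`SAMPLE`) is constructed for the demo, and the rule names, severities and `Finding` type are this example's own choices.

```python
"""Toy AST-based security scanner (added example; not VibeSec's or Semgrep's code)."""
import ast
import re
from dataclasses import dataclass

# Identifier fragments that suggest a credential (assumption for this demo)
SECRET_NAME = re.compile(r"(secret|password|passwd|token|api_key|apikey|private_key)", re.I)
WEAK_HASHES = {"md5", "sha1"}   # not collision resistant; unsuitable for integrity or passwords
WORLD_WRITABLE = 0o002          # the "other write" bit in a POSIX mode


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    severity: str
    message: str


class Scanner(ast.NodeVisitor):
    """Collect findings while visiting each node of the parsed module."""

    def __init__(self):
        self.findings = []

    def visit_Assign(self, node):
        # Rule 1: a non-empty string literal assigned to a secret-looking name.
        # Values that come from a call (e.g. os.environ.get) are deliberately not flagged.
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                name = target.id if isinstance(target, ast.Name) else getattr(target, "attr", None)
                if name and SECRET_NAME.search(name):
                    self.findings.append(Finding(
                        "plaintext-secret", node.lineno, "high",
                        f"string literal assigned to '{name}'"))
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        is_module_call = isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
        # Rule 2: hashlib.md5(...) / hashlib.sha1(...)
        if is_module_call and func.value.id == "hashlib" and func.attr in WEAK_HASHES:
            self.findings.append(Finding(
                "weak-hash", node.lineno, "medium",
                f"hashlib.{func.attr} is not collision resistant"))
        # Rule 3: os.chmod(path, mode) where mode grants write to everyone
        if is_module_call and func.value.id == "os" and func.attr == "chmod" and len(node.args) >= 2:
            mode = node.args[1]
            if isinstance(mode, ast.Constant) and isinstance(mode.value, int) and mode.value & WORLD_WRITABLE:
                self.findings.append(Finding(
                    "world-writable-chmod", node.lineno, "medium",
                    f"os.chmod mode {oct(mode.value)} grants world write"))
        self.generic_visit(node)


def scan_source(source: str):
    """Parse `source` and return findings ordered by line number."""
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings, key=lambda f: f.line)


# Constructed sample input: one true positive per rule plus one safe line (line 3)
SAMPLE = '''\
import hashlib, os
API_KEY = "sk-live-EXAMPLE-NOT-REAL"
db_password = os.environ.get("DB_PASSWORD")
digest = hashlib.md5(b"data").hexdigest()
os.chmod("/tmp/report.txt", 0o777)
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"{f.severity:6} line {f.line}: [{f.rule}] {f.message}")
```

Two design points carry over to any real scanner: rules match on structure (an `Assign` whose value is a `Constant`, a `Call` whose callee is `hashlib.md5`) rather than on raw text, which is what lets line 3 of the sample pass while line 2 is flagged; and every finding carries the line number and rule name so it can be turned into an inline review comment. A production tool such as Semgrep adds language-agnostic pattern syntax, taint tracking for classes like SSRF, and far larger rule sets on top of this same AST-walking idea.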
Do you support private repositories?
Yes — securely. Your GitHub token grants read-only access *only* to selected repos. Code is analyzed in ephemeral, isolated containers and discarded immediately post-scan. No persistence. No backups. No third-party sharing.
What do I get in the Basic plan?
The Free tier includes unlimited real-time scans of public repos and up to 3 private repos per month — full vulnerability detection, risk scoring, and human-readable AI reports. Pro unlocks unlimited private repos, one-click secure patching, priority support, and CI/CD API access.
What does the AI report include?
Every report contains: (1) exact file + line number, (2) vulnerability class + MITRE ATT&CK mapping, (3) CVSS 4.0 severity score, (4) exploit scenario summary, (5) safe, tested code-level fix (with before/after diff), and (6) optional mitigation notes for DevOps or infra teams.
Can VibeSec automatically fix code?
Yes — with VibeSec Pro. “One-Click Fix” applies verified, deterministic patches directly to your GitHub branch via authenticated PR creation. Fixes are sandbox-tested, lint-validated, and annotated with security rationale — making remediation auditable, reversible, and safe.
How secure is my data?
VibeSec is SOC 2 Type I compliant. All code processing occurs in memory within AWS GovCloud-isolated environments. No source code is logged, cached, or retained beyond scan duration. We comply with GDPR, CCPA, and ISO/IEC 27001 standards — full transparency available in our Security Whitepaper.