{"id":29193307,"url":"https://github.com/colesmcintosh/vibe-security-ai","last_synced_at":"2026-03-12T05:31:37.002Z","repository":{"id":295664677,"uuid":"990853091","full_name":"colesmcintosh/vibe-security-ai","owner":"colesmcintosh","description":"A professional command-line tool that leverages Claude 4 Sonnet to perform comprehensive security analysis on your code. Get detailed security reports with actionable recommendations to improve your code's security posture.","archived":false,"fork":false,"pushed_at":"2025-05-26T18:58:11.000Z","size":25,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-16T16:06:02.314Z","etag":null,"topics":["ai","claude-4","security","vibe-coding"],"latest_commit_sha":null,"homepage":"https://github.com/colesmcintosh/vibe-check","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/colesmcintosh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-05-26T18:34:51.000Z","updated_at":"2025-06-30T01:41:59.000Z","dependencies_parsed_at":null,"dependency_job_id":"d6498aab-f1d0-4494-843a-7e28f534d988","html_url":"https://github.com/colesmcintosh/vibe-security-ai","commit_stats":null,"previous_names":["colesmcintosh/vibe-check"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/colesmcintosh/vibe-security-ai","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colesmcintosh%2Fvibe-security-ai","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colesmcintosh%2Fvibe-security-ai/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colesmcintosh%2Fvibe-security-ai/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colesmcintosh%2Fvibe-security-ai/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/colesmcintosh","download_url":"https://codeload.github.com/colesmcintosh/vibe-security-ai/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colesmcintosh%2Fvibe-security-ai/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30416310,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-12T04:41:02.746Z","status":"ssl_error","status_checked_at":"2026-03-12T04:40:12.571Z","response_time":114,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","claude-4","security","vibe-coding"],"created_at":"2025-07-02T02:09:01.184Z","updated_at":"2026-03-12T05:31:36.997Z","avatar_url":"https://github.com/colesmcintosh.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Vibe Security AI - AI-Powered Security Analysis CLI\n\n[![PyPI version](https://badge.fury.io/py/vibe-security-ai.svg)](https://badge.fury.io/py/vibe-security-ai)\n[![Python 3.8+](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\nA professional command-line tool that leverages Claude 4 Sonnet to perform comprehensive security analysis on your code. Get detailed security reports with actionable recommendations to improve your code's security posture.\n\n## Features\n\n- **AI-Powered Analysis**: Uses Claude 4 Sonnet for intelligent security vulnerability detection\n- **Comprehensive Reports**: Generates detailed markdown reports with risk assessments\n- **Multi-Language Support**: Analyzes 20+ programming languages\n- **Professional CLI**: Beautiful, rich terminal interface with progress indicators\n- **Fast \u0026 Efficient**: Quick analysis with detailed feedback\n- **Flexible Output**: Custom output paths and automatic naming\n- **Structured Analysis**: Executive summaries, detailed findings, and remediation roadmaps\n- **Privacy-Focused**: Local report generation with secure API communication\n\n## Quick Start\n\n### Installation\n\n```bash\npip install vibe-security-ai\n```\n\n### Setup\n\nConfigure your Anthropic API key ([Get one here](https://console.anthropic.com/)):\n\n```bash\nvibe-security-ai --setup\n```\n\n### Analyze Your Code\n\n```bash\nvibe-security-ai path/to/your/code.py\n```\n\nThat's it! Your security report will be generated in the `security_reports/` folder.\n\n## Installation Options\n\n### Option 1: PyPI (Recommended)\n```bash\npip install vibe-security-ai\n```\n\n### Option 2: Development Installation\n```bash\ngit clone https://github.com/colesmcintosh/vibe-check.git\ncd vibe-check\npip install -e .\n```\n\n## Configuration\n\n### API Key Setup\n\nChoose your preferred method:\n\n**Interactive Setup (Recommended)**\n```bash\nvibe-security-ai --setup\n```\n\n**Environment Variable**\n```bash\nexport ANTHROPIC_API_KEY=\"your_api_key_here\"\n```\n\n**`.env` File**\n```bash\necho \"ANTHROPIC_API_KEY=your_api_key_here\" \u003e .env\n```\n\n## Usage\n\n### Basic Commands\n\n```bash\n# Analyze a file\nvibe-security-ai app.py\n\n# Custom output location\nvibe-security-ai app.js --output custom_report.md\nvibe-security-ai app.js -o custom_report.md\n\n# Specify API key directly\nvibe-security-ai script.php --api-key sk-your-key-here\n\n# Get help\nvibe-security-ai --help\n\n# Check version\nvibe-security-ai --version\n```\n\n### Real-World Examples\n\n```bash\n# Web application security audit\nvibe-security-ai src/auth/login.py\n\n# Frontend component analysis\nvibe-security-ai components/UserProfile.tsx\n\n# API endpoint security check\nvibe-security-ai api/routes/users.js\n\n# Database query analysis\nvibe-security-ai models/user.sql\n\n# Shell script security review\nvibe-security-ai scripts/deploy.sh\n```\n\n## Supported Languages\n\nVibe Security AI analyzes these file types:\n\n| Category | Extensions |\n|----------|------------|\n| **Web Frontend** | `.js`, `.ts`, `.jsx`, `.tsx`, `.html`, `.css`, `.scss`, `.vue`, `.svelte` |\n| **Backend** | `.py`, `.java`, `.c`, `.cpp`, `.cs`, `.php`, `.rb`, `.go`, `.rs`, `.swift` |\n| **Mobile** | `.kt`, `.scala`, `.dart`, `.m`, `.mm` |\n| **Scripts** | `.sh`, `.bash`, `.zsh`, `.sql`, `.pl`, `.lua` |\n| **Other** | `.r`, `.nim`, `.zig` |\n\n*Note: Any text file can be analyzed, with confirmation for unrecognized extensions.*\n\n## Report Structure\n\nEach security analysis includes:\n\n### Executive Summary\n- Overall security posture assessment\n- Risk level classification (Critical/High/Medium/Low)\n- Summary of findings by severity\n\n### Detailed Security Findings\n\n**Critical Issues**\n- Immediate security threats requiring urgent attention\n- Potential for data breaches or system compromise\n\n**High Priority**\n- Important vulnerabilities to address soon\n- Significant security risks\n\n**Medium Priority**\n- Issues for next development cycle\n- Security improvements and hardening\n\n**Low Priority**\n- Best practice recommendations\n- Code quality and maintainability improvements\n\n### Analysis Details\nFor each finding:\n- Clear vulnerability description\n- Exact code location (file and line numbers)\n- Risk assessment and impact analysis\n- Step-by-step remediation instructions\n- Code examples showing fixes\n\n### Security Recommendations\n- Industry best practices\n- Prevention strategies\n- Compliance considerations (OWASP, CWE)\n- Prioritized action plan\n\n## CLI Output Examples\n\n### Successful Analysis\n```\nVIBE SECURITY AI\nSecurity Analysis Tool powered by Claude 4\n\nAnalyzing: src/auth/login.py\nReport will be saved to: security_reports/login_security_report.md\n\nAnalyzing code for security vulnerabilities...\n\nAnalysis complete!\nSecurity report saved to: security_reports/login_security_report.md\nAnalysis took: 2.34 seconds\nFound: 2 Critical, 1 High, 3 Medium, 2 Low priority issues\n```\n\n### Sample Report Header\n```markdown\n# Security Analysis Report\n\n**File Analyzed:** `src/auth/login.py`\n**Analysis Date:** 2024-01-15 14:30:22\n**Analysis Duration:** 2.34 seconds\n**Tool:** Vibe Security AI\n\n---\n\n## 🎯 Executive Summary\n\n**Security Posture:** HIGH RISK\n**Total Issues Found:** 8\n- Critical: 2\n- High: 1  \n- Medium: 3\n- Low: 2\n\nThis analysis identified several critical security vulnerabilities...\n```\n\n## Troubleshooting\n\n### Common Issues\n\n| Issue | Solution |\n|-------|----------|\n| **\"Anthropic API key not found\"** | Run `vibe-security-ai --setup` or set `ANTHROPIC_API_KEY` environment variable |\n| **\"File not found\"** | Check file path and permissions |\n| **\"API Error\"** | Verify internet connection and API key validity |\n| **\"Permission denied\"** | Check file read permissions and output directory write access |\n\n### Getting Help\n\n```bash\n# Show detailed help\nvibe-security-ai --help\n\n# Check version\nvibe-security-ai --version\n\n# Test your setup\nvibe-security-ai --setup\n```\n\n## Development\n\n### Project Structure\n```\nvibe-security-ai/\n├── vibe_check/\n│   ├── __init__.py      # Package metadata\n│   └── cli.py           # Main CLI application\n├── pyproject.toml       # Modern Python packaging\n├── requirements.txt     # Dependencies\n├── README.md           # This file\n├── LICENSE             # MIT License\n├── CHANGELOG.md        # Version history\n└── PUBLISHING.md       # Publishing guide\n```\n\n### Dependencies\n- **click** (\u003e=8.1.0,\u003c9.0.0): CLI framework\n- **anthropic** (\u003e=0.34.0,\u003c1.0.0): Claude API client  \n- **rich** (\u003e=13.0.0,\u003c14.0.0): Terminal formatting\n\n### Building from Source\n```bash\n# Clone repository\ngit clone https://github.com/colesmcintosh/vibe-check.git\ncd vibe-check\n\n# Install in development mode\npip install -e .\n\n# Run tests\npython test_package.py\n\n# Build package\npython -m build\n```\n\n## Security \u0026 Privacy\n\n- **Secure Communication**: All API calls use HTTPS encryption\n- **No Data Storage**: Your code is not stored by the tool or Anthropic\n- **Local Reports**: All analysis reports are saved locally only\n- **API Privacy**: Review [Anthropic's Privacy Policy](https://www.anthropic.com/privacy) for API data handling\n- **Open Source**: Full source code available for security review\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## Contributing\n\nContributions are welcome! Here are some areas for improvement:\n\n- Additional programming language support\n- Custom security rule definitions  \n- CI/CD pipeline integrations\n- Batch file processing\n- Configuration file support\n- Custom report templates\n\n### How to Contribute\n\n1. Fork the repository\n2. Create a feature branch (`git checkout -b feature/amazing-feature`)\n3. Commit your changes (`git commit -m 'Add amazing feature'`)\n4. Push to the branch (`git push origin feature/amazing-feature`)\n5. Open a Pull Request\n\n## Support\n\n- **Bug Reports**: [GitHub Issues](https://github.com/colesmcintosh/vibe-check/issues)\n- **Documentation**: [GitHub Repository](https://github.com/colesmcintosh/vibe-check)\n- **Questions**: Open a GitHub Discussion\n\n## Acknowledgments\n\n- Built with [Claude 4](https://www.anthropic.com/) by Anthropic\n- CLI framework powered by [Click](https://click.palletsprojects.com/)\n- Beautiful terminal output via [Rich](https://rich.readthedocs.io/)\n\n---\n\n**Made with care for secure coding practices**\n\n*Vibe Security AI - Because security shouldn't be an afterthought* ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcolesmcintosh%2Fvibe-security-ai","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcolesmcintosh%2Fvibe-security-ai","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcolesmcintosh%2Fvibe-security-ai/lists"}