{"id":51466651,"url":"https://github.com/princepal9120/vibeaudit","last_synced_at":"2026-07-06T12:01:07.855Z","repository":{"id":334706732,"uuid":"1138485732","full_name":"princepal9120/vibeaudit","owner":"princepal9120","description":null,"archived":false,"fork":false,"pushed_at":"2026-05-31T22:04:45.000Z","size":1788,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-05-31T23:15:04.970Z","etag":null,"topics":["dast","express","nextjs","open-source","sast","security","semgrep"],"latest_commit_sha":null,"homepage":"https://shipsafe.vercel.app","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/princepal9120.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-01-20T18:26:21.000Z","updated_at":"2026-05-31T21:29:07.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/princepal9120/vibeaudit","commit_stats":null,"previous_names":["princepal9120/shipsafe","princepal9120/vibeaudit"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/princepal9120/vibeaudit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/princepal9120%2Fvibeaudit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/princepal9120%2Fvibeaudit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/princepal9120%2Fvibeaudit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/princepal9120%2Fvibeaudit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/princepal9120","download_url":"https://codeload.github.com/princepal9120/vibeaudit/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/princepal9120%2Fvibeaudit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35189713,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-06T02:00:07.184Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dast","express","nextjs","open-source","sast","security","semgrep"],"created_at":"2026-07-06T12:01:06.892Z","updated_at":"2026-07-06T12:01:07.844Z","avatar_url":"https://github.com/princepal9120.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# VibeAudit\n\n\u003cdiv align=\"center\"\u003e\n\n![VibeAudit](https://img.shields.io/badge/VibeAudit-v1.0-blue)\n[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)\n![Status](https://img.shields.io/badge/status-MVP-yellow)\n\n**Security scanning platform for indie builders, vibe coders, freelancers, and early-stage teams**\n\n[Features](#-features) • [Architecture](#-architecture) • [Quick Start](#-quick-start) • [Contributing](#-contributing)\n\n\u003c/div\u003e\n\n---\n\n## 🎯 About VibeAudit\n\nVibeAudit is a security scanning platform built for developers who ship code fast using AI tools. It validates code and live apps for security vulnerabilities, translates findings into plain English, and generates client-friendly reports—without the complexity, cost, or setup friction of enterprise security tools.\n\n### Why VibeAudit?\n\n- **Built for speed:** 2-3 minute scans, zero setup required\n- **Plain-English explanations:** No security expertise needed\n- **Pay-per-scan:** No subscriptions, no minimums ($15-50/scan)\n- **Comprehensive coverage:** Code repositories + live applications\n- **AI-powered fixes:** GPT-4 powered remediation suggestions\n\n### Target Users\n\n| User Type | Use Case |\n|-----------|----------|\n| **Solo Builders** | Pre-launch security validation |\n| **Freelancers/Agencies** | Client handoff audit reports |\n| **Vibe Coders** | AI-generated code validation |\n\n---\n\n## ✨ Features\n\n### Code Scanning\n- ✅ GitHub repository analysis (public \u0026 private)\n- ✅ SAST with Semgrep (OWASP Top 10, CWE Top 25)\n- ✅ Dependency vulnerability detection (npm, pip, go, etc.)\n- ✅ Secrets detection (API keys, tokens, credentials)\n- ✅ Multi-language support: JavaScript/TypeScript, Python, Go, Java, Ruby, PHP, C#\n\n### Live App Scanning\n- ✅ Dynamic Application Security Testing (DAST)\n- ✅ OWASP ZAP integration\n- ✅ Security headers validation (CSP, HSTS, X-Frame-Options)\n- ✅ SSL/TLS certificate analysis\n- ✅ XSS vulnerability detection\n- ✅ CSRF token validation\n\n### AI-Powered Insights\n- ✅ Plain-English vulnerability explanations\n- ✅ Severity scoring (CRITICAL, HIGH, MEDIUM, LOW)\n- ✅ Step-by-step fix recommendations\n- ✅ Code snippets and examples\n- ✅ Security glossary with inline definitions\n\n### Reporting \u0026 Sharing\n- ✅ Security score (0-100) with visual indicators\n- ✅ Professional PDF report generation\n- ✅ Shareable report links (30-day expiration)\n- ✅ Co-branded reports for freelancers\n- ✅ Scan history dashboard\n- ✅ Before/after comparison\n\n### Pricing\n- **1 free scan** per user\n- **$30 per additional scan**\n- No subscriptions, no hidden fees\n\n---\n\n## 🏗️ Architecture\n\n```\n┌─────────────────────────────────────────────────────────────────┐\n│                    VibeAudit System                             │\n└─────────────────────────────────────────────────────────────────┘\n\n┌──────────────────────┐\n│   Frontend (Next.js) │  ← Vercel Deployment\n└──────────────────────┘\n         │ REST API\n         ↓\n┌──────────────────────┐\n│  Backend (Express.js) │  ← AWS ECS Fargate\n└──────────────────────┘\n         │\n    ┌────┴─────────────────────────────┐\n    │                                   │\n┌─────────────────┐          ┌──────────────────┐\n│ Scanning Queue  │          │  LLM Integration │\n│  (BullMQ/Redis) │          │  (OpenAI GPT-4o) │\n└─────────────────┘          └──────────────────┘\n    │                              │\n    ↓                              ↓\n┌─────────────────────────────────────────────┐\n│         Worker Process                       │\n│  Semgrep | OWASP ZAP | Trivy | npm audit    │\n└─────────────────────────────────────────────┘\n    │\n    ↓\n┌─────────────────────────────────────────────┐\n│  PostgreSQL (AWS RDS) + S3 (Report Storage) │\n└─────────────────────────────────────────────┘\n```\n\n### Tech Stack\n\n| Layer | Technology | Version |\n|-------|-----------|---------|\n| **Frontend** | Next.js | 16.1.x |\n| | React | 19.2.x |\n| | TailwindCSS | 4.1.x |\n| | shadcn/ui | Latest |\n| **Backend** | Node.js | 24.x LTS |\n| | Express.js | 5.2.x |\n| | BullMQ | 5.66.x |\n| **Database** | PostgreSQL | 18.1 |\n| | Redis | 8.4.x |\n| | Prisma ORM | 7.2.x |\n| **Scanning** | Semgrep | 1.148.x |\n| | OWASP ZAP | 2.17.x |\n| | Trivy | 0.68.x |\n| **AI** | OpenAI GPT-4o | Latest |\n| **Deployment** | Vercel | Frontend |\n| | AWS ECS Fargate | Backend |\n| | AWS RDS | Database |\n| | AWS S3 | Storage |\n| **Auth** | Auth.js (NextAuth) | 5.x |\n\nSee [`docs/ARCHITECTURE.md`](docs/ARCHITECTURE.md) for detailed system design.\n\n---\n\n## 🚀 Quick Start\n\n### Prerequisites\n\n- Node.js 24.x LTS\n- Docker \u0026 Docker Compose\n- PostgreSQL 18.1\n- Redis 8.4.x\n- OpenAI API key\n\n### Development Setup\n\n```bash\n# Clone the repository\ngit clone https://github.com/princepal9120/vibeaudit.git\ncd vibeaudit\n\n# Install dependencies\nnpm install\n\n# Copy environment variables\ncp .env.example .env\n\n# Configure your environment variables\nnano .env\n\n# Start local services (PostgreSQL, Redis)\ndocker compose up -d\n\n# Run database migrations\nnpm run db:migrate\n\n# Seed database (optional)\nnpm run db:seed\n\n# Start development servers\nnpm run dev\n```\n\nAccess the application at:\n- Frontend: http://localhost:3000\n- Backend API: http://localhost:5000\n- API Docs: http://localhost:5000/api/docs\n\n### Environment Variables\n\n```env\n# Database\nDATABASE_URL=postgresql://vibeaudit:password@localhost:5432/vibeaudit\n\n# Redis\nREDIS_URL=redis://localhost:6379\n\n# OpenAI\nOPENAI_API_KEY=sk-...\n\n# GitHub OAuth\nGITHUB_CLIENT_ID=your_github_client_id\nGITHUB_CLIENT_SECRET=your_github_client_secret\n\n# NextAuth\nNEXTAUTH_SECRET=your_nextauth_secret\nNEXTAUTH_URL=http://localhost:3000\n\n# AWS (Optional - for S3 reports)\nAWS_S3_BUCKET=vibeaudit-reports\nAWS_ACCESS_KEY_ID=...\nAWS_SECRET_ACCESS_KEY=...\n\n# API\nAPI_URL=http://localhost:5000\nNEXT_PUBLIC_API_URL=http://localhost:5000\n```\n\nSee [`docs/SETUP.md`](docs/SETUP.md) for detailed setup instructions.\n\n---\n\n## 📁 Project Structure\n\n```\nvibeaudit/\n├── apps/\n│   ├── web/                 # Next.js frontend application\n│   │   ├── src/app/         # App Router pages\n│   │   ├── src/components/  # React components\n│   │   ├── src/hooks/       # React hooks\n│   │   ├── src/lib/         # Utilities and helpers\n│   │   └── public/          # Static assets\n│   │\n│   └── api/                 # Express.js backend application\n│       ├── src/routes/      # API endpoints\n│       ├── src/services/    # Business logic\n│       ├── src/workers/     # Background jobs\n│       └── prisma/          # Database schema\n│\n├── packages/\n│   └── shared/              # Shared TypeScript schemas and utilities\n│\n├── docs/                    # Architecture, setup, PRD, and technical docs\n├── .github/                 # CI, issue templates, and PR template\n├── docker-compose.yml       # Local development services\n├── package.json             # Root workspace package.json\n└── README.md\n```\n\n---\n\n## 🔧 Development Workflow\n\n### Available Scripts\n\n```bash\n# Development\nnpm run dev              # Start all apps (web + api)\nnpm run dev:web          # Start frontend only\nnpm run dev:api          # Start backend only\n\n# Build\nnpm run build            # Build all apps\nnpm run build:web        # Build frontend only\nnpm run build:api        # Build backend only\n\n# Database\nnpm run db:migrate       # Run Prisma migrations\nnpm run db:studio        # Open Prisma Studio\n\n# Quality checks\nnpm run lint             # Run ESLint for the web app\nnpm run build            # Build web and API workspaces\nnpm run build:web        # Build frontend only\nnpm run build:api        # Generate Prisma client and build API only\n\n# Docker\ndocker compose up -d     # Start local PostgreSQL and Redis\ndocker compose down      # Stop local services\ndocker compose logs      # View local service logs\n```\n\n### Code Quality\n\n- **Linting:** ESLint for the web workspace\n- **Type checking:** TypeScript builds for the web and API workspaces\n- **Database types:** Prisma client generation through API build and `npm run db:generate`\n- **Testing:** Add feature-level tests as `*.test.ts` or `*.test.tsx` when behavior changes\n\n---\n\n## 📚 Documentation\n\n| Document | Description |\n|----------|-------------|\n| [`docs/ARCHITECTURE.md`](docs/ARCHITECTURE.md) | Detailed system architecture, database schema, API design |\n| [`docs/SETUP.md`](docs/SETUP.md) | Development environment setup and deployment guide |\n| [`docs/VibeAudit_PRD.md`](docs/VibeAudit_PRD.md) | Product requirements and scope |\n| [`docs/VibeAudit_TechSpec.md`](docs/VibeAudit_TechSpec.md) | Technical specification |\n| [`claude.md`](claude.md) | Extended product and implementation notes |\n\n---\n\n## 🧪 Testing\n\nThe project does not have a full automated test suite yet. Until package-specific tests are added, use the smallest relevant verification for your change:\n\n```bash\nnpm run lint\nnpm run build\nnpm run build:api\nnpm run build:web\n```\n\nFor behavior changes, include manual verification steps in your pull request. New tests should live beside the changed feature as `*.test.ts` or `*.test.tsx`.\n\n---\n\n## 🚢 Deployment\n\n### Frontend (Vercel)\n\n```bash\nnpm run build:web\nvercel --prod\n```\n\n### Backend (AWS ECS)\n\n```bash\nnpm run build:api\ndocker build -t vibeaudit-api .\ndocker push your-registry/vibeaudit-api:latest\n# Deploy via AWS Console or Terraform\n```\n\n### Database Migrations\n\n```bash\n# Production\nDATABASE_URL=\"postgresql://...\" npx prisma migrate deploy\n```\n\nSee [`SETUP.md`](SETUP.md) for complete deployment guide.\n\n---\n\n## 🔒 Security \u0026 Privacy\n\n### Security Commitments\n- ✅ All data encrypted at rest and in transit (HTTPS/TLS 1.3)\n- ✅ No code stored longer than necessary (deleted after report)\n- ✅ User scans are private by default\n- ✅ GDPR/CCPA compliant\n- ✅ No user code used for AI training\n\n### Data Retention\n\n| Data Type | Retention |\n|-----------|-----------|\n| Findings | Indefinitely (user-owned) |\n| Temp artifacts | Deleted after 24 hours |\n| PDFs | Indefinitely (user-owned) |\n\n### Privacy\n\n- We do not sell user data\n- We do not use user code for AI model training\n- Users can request full data deletion\n\n---\n\n## 🤝 Contributing\n\nVibeAudit is open source and welcomes contributions from builders, security practitioners, designers, and documentation contributors.\n\nGood first ways to help:\n\n- Report reproducible bugs with logs or screenshots\n- Improve setup docs and examples\n- Fix UI polish, accessibility, or empty states\n- Add scan rules, dependency checks, or report improvements\n- Review pull requests and test branches locally\n\nStart here:\n\n1. Read [CONTRIBUTING.md](CONTRIBUTING.md).\n2. Read the [Code of Conduct](CODE_OF_CONDUCT.md).\n3. For vulnerabilities, follow [SECURITY.md](SECURITY.md) instead of opening a public issue.\n4. Open an issue or choose one labeled `good first issue`, `help wanted`, or `documentation`.\n5. Fork the repository, create a focused branch, run the relevant checks, and open a pull request using the template.\n\nMaintainers review PRs into `master`, which is protected and requires pull request review.\n\n---\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n---\n\n## 🙋 Support\n\n- **Documentation:** Check the [`docs/`](docs/) folder\n- **Issues:** Open a GitHub issue\n- **Discussions:** Join our GitHub Discussions\n- **Email:** support@vibeaudit.dev\n\n---\n\n## 🗺️ Roadmap\n\n### MVP (Weeks 1-3) ✅\n- [x] GitHub repo scanning\n- [x] Live URL scanning\n- [x] Secrets detection\n- [x] AI explanations\n- [x] PDF reports\n\n### Phase 2 (Weeks 4-8)\n- [ ] Private GitHub repo scanning\n- [ ] Advanced DAST (API testing)\n- [ ] Stripe integration\n- [ ] Freelancer features\n\n### Phase 3+ (Months 2-3)\n- [ ] Team collaboration\n- [ ] Scheduled scans\n- [ ] Slack/webhook notifications\n- [ ] Compliance mapping\n\n---\n\n## 🌟 Acknowledgments\n\n- Built with [Next.js](https://nextjs.org)\n- Security scanning powered by [Semgrep](https://semgrep.dev), [OWASP ZAP](https://www.zaproxy.org), and [Trivy](https://aquasecurity.github.io/trivy)\n- AI explanations powered by [OpenAI GPT-4o](https://openai.com)\n- UI components from [shadcn/ui](https://ui.shadcn.com)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**Built with ❤️ for indie developers everywhere**\n\n[⬆ Back to top](#vibeaudit)\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprincepal9120%2Fvibeaudit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprincepal9120%2Fvibeaudit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprincepal9120%2Fvibeaudit/lists"}