UNPKG

vibesec

Version:

Security scanner for AI-generated code - detects vulnerabilities in vibe-coded projects

github.com/ferg-cod3s/vibesec-bun-poc

ferg-cod3s/vibesec-bun-poc

51 lines (38 loc) 1.28 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# VibeSec Detection Rules YAML-based security detection rules for VibeSec scanner. ## Structure ``` rules/ ├── default/ # Built-in rules (maintained by VibeSec) │ ├── javascript.yaml │ ├── python.yaml │ ├── go.yaml │ └── ai-patterns.yaml ├── community/ # Community-contributed rules └── schema.json # Rule definition schema ``` ## Rule Categories - **secrets**: Hardcoded credentials (API keys, passwords) - **injection**: Input validation flaws (SQL injection, XSS) - **auth**: Authentication/authorization issues - **ai-specific**: AI-generated code patterns - **incomplete**: Placeholder/TODO code - **crypto**: Cryptographic weaknesses - **config**: Misconfigurations (CORS, debug mode) ## Creating Rules See [DETECTION_RULES.md](../docs/DETECTION_RULES.md) for: - Rule schema documentation - Examples of built-in rules - How to create custom rules - Testing and validation ## Contributing We welcome community-contributed rules! See [CONTRIBUTING.md](../docs/CONTRIBUTING.md) for: - Submission guidelines - Quality standards - Bounty program details ## Rule Updates Update community rules: ```bash vibesec update-rules ``` This pulls the latest rules from the VibeSec community repository.