AI-Native Platform to Secure Vibecoded Applications
🛡️ SecureVibes
AI-Native Security Scanner for Vibecoded Applications
SecureVibes uses Claude's multi-agent architecture to autonomously find security vulnerabilities in your codebase. Four specialized AI agents work together to deliver comprehensive, context-aware security analysis with concrete evidence.
🚀 Quick Start
# Install
pip install securevibes
# Configure API key
export CLAUDE_API_KEY="your-api-key-here"
# Scan your project
securevibes scan .
# View results
securevibes report
Get your Claude API key from: https://console.anthropic.com/
✨ What You Get
- ✅ Exact file paths and line numbers for every vulnerability
- ✅ CWE IDs for industry-standard tracking
- ✅ Concrete code snippets showing the vulnerable code
- ✅ Remediation recommendations with actionable fixes
- ✅ Exploitability analysis with realistic attack scenarios
🤖 Multi-Agent Architecture
SecureVibes orchestrates 4 specialized Claude agents:
- Assessment Agent - Maps codebase architecture and technology stack
- Threat Modeling Agent - Applies STRIDE methodology for realistic threats
- Code Review Agent - Uses security thinking framework to find vulnerabilities
- Report Generator - Compiles findings into actionable reports
Key Difference: Unlike traditional pattern-matching tools, SecureVibes agents understand your code's context, architecture, and business logic to find novel vulnerabilities that static analysis misses.
📊 Example Scan
$ securevibes scan .
🛡️ SecureVibes Security Scanner
📁 Scanning: /Users/xyz/repos/my-project
🤖 Model: sonnet
============================================================
✅ Phase 1/4: Architecture Assessment Complete
✅ Phase 2/4: Threat Modeling (STRIDE Analysis) Complete
✅ Phase 3/4: Code Review (Security Analysis) Complete
✅ Phase 4/4: Report Generation Complete
================================================================================
📊 Scan Results
================================================================================
📁 Files scanned: 1953
⏱️ Scan time: 1053.66s
💰 Total cost: $2.27
🐛 Issues found: 28
🔴 Critical: 5
🟠 High: 10
🟡 Medium: 10
🟢 Low: 3
🎯 Common Use Cases
# Export JSON for CI/CD pipeline
securevibes scan . --format json --output security-report.json
# Focus on critical/high severity
securevibes scan . --severity high
# Fast scan with cheaper model
securevibes scan . --model haiku
# Quiet mode for automation
securevibes scan . --quiet
⚙️ Configuration
Control agent models and analysis depth via environment variables:
# Required
export CLAUDE_API_KEY='your-api-key'
# Optional: Customize agent models (default: sonnet)
export SECUREVIBES_CODE_REVIEW_MODEL="opus" # Max accuracy
export SECUREVIBES_THREAT_MODELING_MODEL="sonnet"
# Optional: Control analysis depth (default: 50)
export SECUREVIBES_MAX_TURNS=75 # Deeper analysis
Models: haiku (fast/cheap) | sonnet (balanced) | opus (thorough/expensive)
🐍 Python API
import asyncio
from securevibes import SecurityScanner

async def main():
    scanner = SecurityScanner(
        api_key="your-api-key",  # prefer reading CLAUDE_API_KEY from the environment over hardcoding a key
        model="claude-3-5-sonnet-20241022"
    )
    result = await scanner.scan("/path/to/repo")
    print(f"Found {len(result.issues)} vulnerabilities")

asyncio.run(main())
🔒 Privacy & Security
What SecureVibes sends to Anthropic:
- Your source code files
- Relative file paths within the scanned repository
What SecureVibes does NOT send:
- Absolute paths or usernames
- Environment variables or secrets
- Git history or metadata
⚠️ Important: SecureVibes sends your source files to Anthropic's Claude API for analysis. Environment variables are not sent, but anything committed into the source files themselves, such as hardcoded credentials or keys checked into the repository, is sent with them. Review Anthropic's Privacy Policy before scanning proprietary code.
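Because the scanner uploads the source files it selects, a pre-flight check for credentials committed into those files is worth running before the first scan of a repository. The script below is an added example, not part of SecureVibes, and it knows nothing about how SecureVibes actually selects files: it assumes a plain directory walk that skips .git and common vendor directories, flags files by name (.env, key material, Terraform state) and by a few specific credential patterns, and reports relative paths so anything it finds can be removed or excluded before the scan.

```python
"""Pre-flight check: find credential-looking content in a repository before
uploading it to a code-scanning service.

Added example, not part of SecureVibes. It assumes nothing about the tool's
own file-selection rules; it simply walks the tree (pruning .git and vendor
directories) so that anything flagged can be removed or excluded first.
"""
import os
import re
from pathlib import Path

SKIP_DIRS = {".git", "node_modules", ".venv", "venv", "__pycache__"}

# File names that usually hold secrets rather than code.
SENSITIVE_NAMES = re.compile(
    r"^(\.env(\..+)?|.*\.(pem|key|p12|pfx)|id_(rsa|dsa|ecdsa|ed25519)|.*\.tfstate)$"
)

# Content patterns as (label, regex). Kept specific to limit noise.
CONTENT_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    # name = "literal" / name: 'literal' with at least 8 non-space chars
    ("assignment_literal", re.compile(
        r"(?i)\b(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"][^'\"\s]{8,}['\"]"
    )),
]


def scan_text(text, origin="<text>"):
    """Return findings for one text blob as (origin, line_no, label) tuples."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for label, pattern in CONTENT_PATTERNS:
            if pattern.search(line):
                findings.append((origin, line_no, label))
    return findings


def preflight(root):
    """Walk root and return sorted findings (relative_path, line_no, label).

    line_no is 0 for a match on the file name rather than its content.
    Binary or unreadable files get a name check only.
    """
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune in place
        for name in filenames:
            path = Path(dirpath) / name
            rel = str(path.relative_to(root))
            if SENSITIVE_NAMES.match(name):
                findings.append((rel, 0, "sensitive_filename"))
            try:
                text = path.read_text(encoding="utf-8")
            except (UnicodeDecodeError, OSError):
                continue  # binary or unreadable: skip the content scan
            findings.extend(scan_text(text, rel))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for rel, line_no, label in preflight(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}:{line_no}: {label}")
```

Run it against the repository root before `securevibes scan .`; a clean run prints nothing. The patterns are deliberately narrow (a full secret scanner would add entropy checks and many more service-specific formats), so treat a non-empty result as a reason to stop, not an empty one as proof there is nothing sensitive in the tree.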
📚 Full Documentation
This is a quick reference for PyPI users. For comprehensive documentation, visit:
📖 Full Documentation on GitHub
Including:
👤 Author & Support
Built by @anshumanbh
- 🐛 Bug Reports: GitHub Issues
- 💡 Feature Requests: GitHub Discussions
- 🌟 Star the repo to follow development!
🙏 Acknowledgments
- Powered by Claude by Anthropic
- Built with Claude Agent SDK
- Inspired by traditional SAST tools, reimagined with AI
License: AGPL-3.0 | Requires: Python 3.10+
Download files
File details
Details for the file securevibes-0.1.1.tar.gz.
File metadata
- Download URL: securevibes-0.1.1.tar.gz
- Upload date:
- Size: 42.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 88c1d7662a7d56cd4613f961674de2576f8d5565afe75f40febb6683a69af342 |
| MD5 | b746987aedc7f6e294a7809fa05eb695 |
| BLAKE2b-256 | 3b71e5b46a69d6c681caa31c5d3ccf1c9527954ba7a563f6e4e36e2df5dcfc8c |
File details
Details for the file securevibes-0.1.1-py3-none-any.whl.
File metadata
- Download URL: securevibes-0.1.1-py3-none-any.whl
- Upload date:
- Size: 33.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 886f69342e3c5429bf6cd30fd015c40d96ec879c6ed1141195c2697c96ec7653 |
| MD5 | 908750212e39675d736a2c3daf6e7bbb |
| BLAKE2b-256 | 742d5be700cf7187147652b15d7d3fb08201483561e2647821814e6d90892b71 |
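Both artifacts above were uploaded without Trusted Publishing, so the digests in these tables are the check available for confirming that what lands in a build is the file the author uploaded. The script below is an added example, not part of SecureVibes: it assumes the files were fetched with `pip download securevibes==0.1.1 --no-deps -d dist/`, compares each one against the SHA256 and BLAKE2b-256 digests listed on this page (the MD5 column is ignored because MD5 is not collision-resistant), and prints a requirements line that makes `pip install --require-hashes` refuse any artifact whose SHA256 differs.

```python
"""Verify downloaded securevibes 0.1.1 artifacts against the digests published on PyPI.

Added example, not part of SecureVibes. Fetch the files first, for example:
    pip download securevibes==0.1.1 --no-deps -d dist/
EXPECTED copies the SHA256 and BLAKE2b-256 digests from this page's file-details tables.
"""
import hashlib
import hmac
from pathlib import Path

EXPECTED = {
    "securevibes-0.1.1.tar.gz": {
        "sha256": "88c1d7662a7d56cd4613f961674de2576f8d5565afe75f40febb6683a69af342",
        "blake2b-256": "3b71e5b46a69d6c681caa31c5d3ccf1c9527954ba7a563f6e4e36e2df5dcfc8c",
    },
    "securevibes-0.1.1-py3-none-any.whl": {
        "sha256": "886f69342e3c5429bf6cd30fd015c40d96ec879c6ed1141195c2697c96ec7653",
        "blake2b-256": "742d5be700cf7187147652b15d7d3fb08201483561e2647821814e6d90892b71",
    },
}


def file_digests(path, chunk_size=1 << 20):
    """Return {'sha256': hex, 'blake2b-256': hex} for a file, streamed in chunks."""
    hashers = {
        "sha256": hashlib.sha256(),
        "blake2b-256": hashlib.blake2b(digest_size=32),  # PyPI's BLAKE2b-256 column
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify(path, expected):
    """Return the names of the algorithms whose digest did NOT match (empty list = all good)."""
    actual = file_digests(path)
    # compare_digest avoids timing differences; an algorithm we cannot compute counts as a mismatch
    return [alg for alg, want in expected.items()
            if not hmac.compare_digest(actual.get(alg, ""), want)]


def verify_distribution(dist_dir="dist"):
    """Check every expected artifact under dist_dir.

    Returns {filename: list_of_mismatched_algorithms} and None for a file that is absent.
    """
    results = {}
    for name, expected in EXPECTED.items():
        path = Path(dist_dir) / name
        results[name] = verify(path, expected) if path.is_file() else None
    return results


def requirements_line():
    """Build a requirements.txt line pinned to both published SHA256 digests.

    Installing with `pip install --require-hashes -r requirements.txt` then fails closed
    on any sdist or wheel whose digest differs from the ones on this page.
    """
    hashes = " ".join(f"--hash=sha256:{d['sha256']}" for d in EXPECTED.values())
    return f"securevibes==0.1.1 {hashes}"


if __name__ == "__main__":
    for name, mismatches in verify_distribution().items():
        if mismatches is None:
            print(f"MISSING  {name}")
        elif mismatches:
            print(f"MISMATCH {name}: {', '.join(mismatches)}")
        else:
            print(f"OK       {name}")
    print(requirements_line())
```

Pinning by hash protects the build only for the exact release recorded here; when upgrading, take the new digests from PyPI (or from `pip hash` on a file you have inspected) and regenerate the line rather than editing it by hand.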