A professional command-line tool that leverages Claude 4 Sonnet to perform comprehensive security analysis on your code. Get detailed security reports with actionable recommendations to improve your code's security posture.
- AI-Powered Analysis: Uses Claude 4 Sonnet for intelligent security vulnerability detection
- Comprehensive Reports: Generates detailed markdown reports with risk assessments
- Multi-Language Support: Analyzes 20+ programming languages
- Professional CLI: Beautiful, rich terminal interface with progress indicators
- Fast & Efficient: Quick analysis with detailed feedback
- Flexible Output: Custom output paths and automatic naming
- Structured Analysis: Executive summaries, detailed findings, and remediation roadmaps
- Privacy-Focused: Local report generation with secure API communication
```bash
pip install vibe-security-ai
```

Configure your Anthropic API key (Get one here):

```bash
vibe-security-ai --setup
```

```bash
vibe-security-ai path/to/your/code.py
```

That's it! Your security report will be generated in the security_reports/ folder.

```bash
pip install vibe-security-ai
```

```bash
git clone https://github.com/colesmcintosh/vibe-check.git
cd vibe-check
pip install -e .
```

Choose your preferred method:
Interactive Setup (Recommended)
```bash
vibe-security-ai --setup
```

Environment Variable

```bash
export ANTHROPIC_API_KEY="your_api_key_here"
```

.env File

```bash
echo "ANTHROPIC_API_KEY=your_api_key_here" > .env
```

```bash
# Analyze a file
vibe-security-ai app.py
# Custom output location
vibe-security-ai app.js --output custom_report.md
vibe-security-ai app.js -o custom_report.md
# Specify API key directly (the key is then visible in shell history and
# process listings; --setup or ANTHROPIC_API_KEY avoids that)
vibe-security-ai script.php --api-key sk-your-key-here
# Get help
vibe-security-ai --help
# Check version
vibe-security-ai --version
```

```bash
# Web application security audit
vibe-security-ai src/auth/login.py
# Frontend component analysis
vibe-security-ai components/UserProfile.tsx
# API endpoint security check
vibe-security-ai api/routes/users.js
# Database query analysis
vibe-security-ai models/user.sql
# Shell script security review
vibe-security-ai scripts/deploy.sh
```

Vibe Security AI analyzes these file types:
| Category | Extensions |
|---|---|
| Web Frontend | .js, .ts, .jsx, .tsx, .html, .css, .scss, .vue, .svelte |
| Backend | .py, .java, .c, .cpp, .cs, .php, .rb, .go, .rs, .swift |
| Mobile | .kt, .scala, .dart, .m, .mm |
| Scripts | .sh, .bash, .zsh, .sql, .pl, .lua |
| Other | .r, .nim, .zig |
Note: Any text file can be analyzed, with confirmation for unrecognized extensions.
Each security analysis includes:
- Overall security posture assessment
- Risk level classification (Critical/High/Medium/Low)
- Summary of findings by severity
Critical Issues
- Immediate security threats requiring urgent attention
- Potential for data breaches or system compromise
High Priority
- Important vulnerabilities to address soon
- Significant security risks
Medium Priority
- Issues for next development cycle
- Security improvements and hardening
Low Priority
- Best practice recommendations
- Code quality and maintainability improvements
For each finding:
- Clear vulnerability description
- Exact code location (file and line numbers)
- Risk assessment and impact analysis
- Step-by-step remediation instructions
- Code examples showing fixes
- Industry best practices
- Prevention strategies
- Compliance considerations (OWASP, CWE)
- Prioritized action plan
```text
VIBE SECURITY AI
Security Analysis Tool powered by Claude 4
Analyzing: src/auth/login.py
Report will be saved to: security_reports/login_security_report.md
Analyzing code for security vulnerabilities...
Analysis complete!
Security report saved to: security_reports/login_security_report.md
Analysis took: 2.34 seconds
Found: 2 Critical, 1 High, 3 Medium, 2 Low priority issues
```
```markdown
# Security Analysis Report
**File Analyzed:** `src/auth/login.py`
**Analysis Date:** 2024-01-15 14:30:22
**Analysis Duration:** 2.34 seconds
**Tool:** Vibe Security AI
---
## 🎯 Executive Summary
**Security Posture:** HIGH RISK
**Total Issues Found:** 8
- Critical: 2
- High: 1
- Medium: 3
- Low: 2
This analysis identified several critical security vulnerabilities...
```

| Issue | Solution |
|---|---|
| "Anthropic API key not found" | Run vibe-security-ai --setup or set ANTHROPIC_API_KEY environment variable |
| "File not found" | Check file path and permissions |
| "API Error" | Verify internet connection and API key validity |
| "Permission denied" | Check file read permissions and output directory write access |
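
The severity counts in the sample report's Executive Summary can be read back by a script, for example to fail a build when Critical or High findings are present. The following is an added example, not part of the Vibe Security AI code base; it assumes real reports follow the layout of the sample report shown earlier, and `parse_summary`, `gate` and the embedded report text are constructed for illustration.

```python
import re

# Constructed sample that mirrors the layout of the sample report shown earlier.
SAMPLE_REPORT = """\
# Security Analysis Report
**File Analyzed:** `src/auth/login.py`
---
## Executive Summary
**Security Posture:** HIGH RISK
**Total Issues Found:** 8
- Critical: 2
- High: 1
- Medium: 3
- Low: 2
"""

SEVERITIES = ("Critical", "High", "Medium", "Low")
COUNT_RE = re.compile(r"^\s*[-*]\s*(Critical|High|Medium|Low)\s*:\s*(\d+)\s*$", re.M)
TOTAL_RE = re.compile(r"^\*\*Total Issues Found:\*\*\s*(\d+)\s*$", re.M)

def parse_summary(report_text):
    """Return {severity: count} from the Executive Summary bullet list."""
    counts = {}
    for sev, n in COUNT_RE.findall(report_text):
        counts.setdefault(sev, int(n))  # first occurrence wins: the summary comes first
    missing = [s for s in SEVERITIES if s not in counts]
    if missing:
        # Fail closed: model-written output can drift from the expected layout.
        raise ValueError(f"summary incomplete, missing: {missing}")
    total = TOTAL_RE.search(report_text)
    if total and int(total.group(1)) != sum(counts.values()):
        raise ValueError("per-severity counts do not add up to the stated total")
    return counts

def gate(report_text, max_allowed=None):
    """Return (passed, reasons). Default policy: no Critical or High findings."""
    limits = {"Critical": 0, "High": 0} if max_allowed is None else max_allowed
    counts = parse_summary(report_text)
    reasons = [f"{s}: {counts[s]} > {lim}" for s, lim in limits.items() if counts[s] > lim]
    return (not reasons, reasons)

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    ok, why = gate(text)
    print("PASS" if ok else "FAIL: " + "; ".join(why))
    sys.exit(0 if ok else 1)
```

A report whose summary cannot be parsed raises an error instead of passing, so a malformed or truncated report never counts as a clean result.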
```bash
# Show detailed help
vibe-security-ai --help
# Check version
vibe-security-ai --version
# Test your setup
vibe-security-ai --setup
```

```text
vibe-security-ai/
├── vibe_check/
│   ├── __init__.py    # Package metadata
│   └── cli.py         # Main CLI application
├── pyproject.toml     # Modern Python packaging
├── requirements.txt   # Dependencies
├── README.md          # This file
├── LICENSE            # MIT License
├── CHANGELOG.md       # Version history
└── PUBLISHING.md      # Publishing guide
```

- click (>=8.1.0,<9.0.0): CLI framework
- anthropic (>=0.34.0,<1.0.0): Claude API client
- rich (>=13.0.0,<14.0.0): Terminal formatting
```bash
# Clone repository
git clone https://github.com/colesmcintosh/vibe-check.git
cd vibe-check
# Install in development mode
pip install -e .
# Run tests
python test_package.py
# Build package
python -m build
```

- Secure Communication: All API calls use HTTPS encryption
- No Data Storage: Your code is not stored by the tool or Anthropic
- Local Reports: All analysis reports are saved locally only
- API Privacy: Review Anthropic's Privacy Policy for API data handling
- Open Source: Full source code available for security review
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Here are some areas for improvement:
- Additional programming language support
- Custom security rule definitions
- CI/CD pipeline integrations
- Batch file processing
- Configuration file support
- Custom report templates
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
- Bug Reports: GitHub Issues
- Documentation: GitHub Repository
- Questions: Open a GitHub Discussion
Made with care for secure coding practices
Vibe Security AI - Because security shouldn't be an afterthought