securevibes  by anshumanbh

AI-native security analysis for applications

Created 5 months ago
255 stars

Top 98.8% on SourcePulse

Project Summary

SecureVibes is an AI-native security system designed to autonomously detect vulnerabilities in vibe-coded applications. Leveraging Claude's multi-agent architecture, it gives developers and security engineers a comprehensive, context-aware analysis of their codebase, identifying security flaws with concrete evidence and actionable recommendations. The system aims to provide a more intelligent and adaptive approach to static and dynamic application security testing.

How It Works

SecureVibes utilizes a sophisticated AI agent architecture, orchestrating five specialized agents: Assessment, Threat Modeling, Code Review, Dynamic Analysis (DAST), and Report Generation. Claude intelligently coordinates these agents, enabling autonomous code mapping, architecture-driven STRIDE threat analysis, and security vulnerability identification using a methodology that goes beyond simple pattern matching. This layered approach allows agents to build upon each other's findings, leading to more accurate and contextually relevant security assessments.

Quick Start & Requirements

Installation is available via PyPI (pip install securevibes) or directly from source for the latest changes. Authentication requires either a session-based login via the claude CLI or setting the ANTHROPIC_API_KEY environment variable. Users must have access to Anthropic's Claude models (e.g., haiku, sonnet, opus), which can be selected via CLI flags or environment variables. Basic usage is running securevibes scan /path/to/code. Because the scanner executes against the target codebase, runtime safety requires scanning only trusted repositories and using isolated CI runners that have no access to production credentials or sensitive networks.

Highlighted Details

  • AI-Native Security: Employs a true agent architecture with autonomous orchestration for deep code analysis.
  • Agentic Application Detection: Automatically identifies applications built with LLM agents and enforces OWASP ASI threat modeling requirements.
  • Multi-Language Support: Scans 11 programming languages, intelligently excluding common directories like venv/ and node_modules/, and handling mixed-language projects.
  • PR Review Integration: Facilitates incremental security checks by comparing code diffs against existing scan artifacts, streamlining security in CI/CD workflows.

Maintenance & Community

The project is built by @anshumanbh, with a website available at securevibes.ai for documentation and blog posts. A Discord community is available for engagement and support.

Licensing & Compatibility

The provided README does not explicitly state a software license. Users should exercise caution regarding usage rights and compatibility, particularly for commercial or closed-source applications, until a license is clarified.

Limitations & Caveats

SecureVibes sends source code to Anthropic's Claude API for analysis; users must review Anthropic's privacy policy and consider scanning only public portions of sensitive codebases. Runtime safety necessitates running scans on trusted repositories and within isolated environments. PR review functionality may fail closed if diff context is excessively large or complex. The PyPI package may not always contain the absolute latest code changes compared to the source repository.

Health Check

Last commit: 1 day ago
Responsiveness: Inactive
Pull requests (30d): 10
Issues (30d): 2
Star history: 7 stars in the last 30 days

Starred by Dan Guido (Cofounder of Trail of Bits), Chip Huyen (Author of "AI Engineering" and "Designing Machine Learning Systems"), and 1 more.
