VaultGuardSecurity scanning for AI-generated code

Detect secrets, vulnerabilities, and misconfigurations in seconds. One binary, zero dependencies.

Get Started

CLI Reference

🔐

Secret Detection

34 regex patterns across 17 providers. Shannon entropy analysis catches unstructured secrets that rules miss.

🛡️

Vulnerability Scanning

CVE detection via OSV.dev and NVD for npm, PyPI, Cargo, Go, Gem, and Composer lockfiles.

⚙️

Misconfiguration Detection

Catches hardcoded credentials, debug modes, insecure TLS settings, and exposed .env files.

📋

Baseline & Suppression

Mark known findings as accepted. Inline comments and file-based ignore rules keep your signal clean.

📊

Multiple Output Formats

Human-readable, JSON, and SARIF 2.1.0 output. Auto-saves results for remediation guidance.

🚀

CI/CD Ready

Exit codes, machine-readable output, and full env var configuration. Drop into any pipeline.

$ vaultguard scan

CRITICAL AWS access key detected src/config.py:15
HIGH GitHub token detected .env:3
HIGH CVE-2024-29041 in express@4.18.2 package.json:8
MEDIUM Debug mode enabled settings.yaml:3
MEDIUM Hardcoded DB password db.conf:7

+8 more issues

13 issues found (1 critical, 2 high, 4 medium, 6 low)
Files scanned: 847 | Duration: 2.3s

$ vaultguard fix
✓ Remediation report generated for 13 findings

17+

Secret Providers

Detection Patterns

Scan Modules

Platforms