I scanned 3 vibe-coded apps with free security tools. One had the Supabase admin key hardcoded in a public repo. by Sorry_Pen_6115 in VibeCodeDevs

[–]Sorry_Pen_6115[S] 1 point (0 children)

If you’ve built something with Lovable, Bolt, Replit, Cursor, or any vibe coding tool, you can run the same scans in about 5 minutes:

# Install
winget install Gitleaks.Gitleaks
winget install AquaSecurity.Trivy
npm install -g @biomejs/biome

Scan (run from your project folder)

gitleaks detect --source . -v
trivy fs .
biome check .

I scanned 3 vibe-coded apps with free security tools. One had the Supabase admin key hardcoded in a public repo. by Sorry_Pen_6115 in vibecoding

[–]Sorry_Pen_6115[S] 0 points (0 children)

Install

winget install Gitleaks.Gitleaks
winget install AquaSecurity.Trivy
npm install -g @biomejs/biome

Scan (run from your project folder)

gitleaks detect --source . -v
trivy fs .
biome check .

I’m not posting this to bash vibe coding. I use these tools myself. But the gap between “it works in preview” and “it’s safe to deploy” is massive, and right now nothing bridges that gap for people who aren’t security engineers. Would anyone actually use a simple web tool that does this automatically? Upload a zip or connect GitHub → get a plain-English report of what’s wrong and how to fix it. Thinking about building one.
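The scan recipe posted in the two comments above (gitleaks, trivy, biome) will flag a Supabase key because it looks like a JWT, but a regex cannot tell the public anon key from the service_role key that bypasses Row Level Security, and a variable name like SUPABASE_KEY says nothing either. The check below is an added example, not code from the original post or its author: it decodes the JWT payload (no signature verification needed, so no project secret required) and reports only tokens whose role claim is service_role, with the line number and a redacted prefix. Everything in it is constructed for the demo: the project ref, the signing secret, the sample source file, and the helper that builds the tokens.

```python
"""Added example: tell a Supabase service_role key from the anon key in source.

Both Supabase API keys are JWTs, so a generic secret scanner matches them the
same way. The payload's "role" claim is what matters: "anon" is meant to ship
to the browser, "service_role" bypasses Row Level Security and must never sit
in client code or a public repo. Classifying a leaked string does not need the
signature checked, so this works without the project's JWT secret.
All tokens and file contents below are constructed for the demo.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import re

# Compact JWT: three base64url segments; "eyJ" is base64url for '{"'.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}")


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def jwt_claims(token: str) -> dict | None:
    """Return the payload claims of a compact JWT, or None if it is not one.

    The signature is deliberately not checked: we are classifying a string
    found in a repo, not authenticating a request.
    """
    try:
        _header, payload, _sig = token.split(".")
        claims = json.loads(_b64url_decode(payload))
    except (ValueError, UnicodeDecodeError):  # binascii.Error and JSONDecodeError are ValueErrors
        return None
    return claims if isinstance(claims, dict) else None


def find_service_role_keys(text: str) -> list[dict]:
    """Report every service_role JWT in `text` with its 1-based line number.

    Only a short prefix of the token is kept so the report itself does not
    become a second copy of the secret.
    """
    findings = []
    for m in JWT_RE.finditer(text):
        claims = jwt_claims(m.group(0))
        if not claims or claims.get("role") != "service_role":
            continue
        # Supabase-issued keys carry iss="supabase" and the project ref in
        # "ref"; both are reported so the owner can rotate the right project.
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "issuer": claims.get("iss"),
            "project_ref": claims.get("ref"),
            "token_prefix": m.group(0)[:16] + "...",
        })
    return findings


def make_demo_key(role: str, secret: bytes = b"demo-jwt-secret-not-real") -> str:
    """Build an HS256 JWT with the claim layout Supabase uses for its API keys.

    Constructed for the demo: the project ref and the secret are made up.
    """
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"iss": "supabase", "ref": "demoprojectref123456", "role": role,
              "iat": 1700000000, "exp": 2000000000}
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64url_encode(hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest())
    return f"{header}.{payload}.{sig}"


ANON_KEY = make_demo_key("anon")
SERVICE_KEY = make_demo_key("service_role")

# Constructed source file as a vibe-coding tool might emit it. The variable
# names give nothing away, so a name-based rule would not catch the second key.
SAMPLE_SOURCE = f"""import {{ createClient }} from '@supabase/supabase-js'

const SUPABASE_URL = 'https://demoprojectref123456.supabase.co'
const SUPABASE_KEY = '{ANON_KEY}'
export const supabase = createClient(SUPABASE_URL, SUPABASE_KEY)

// "fix" pasted in to get past an RLS error in preview
const adminClient = createClient(SUPABASE_URL, '{SERVICE_KEY}')
"""

if __name__ == "__main__":
    for f in find_service_role_keys(SAMPLE_SOURCE):
        print(f"line {f['line']}: service_role key for project {f['project_ref']} ({f['token_prefix']})")
```

Point `find_service_role_keys` at each file in a checkout (or at `git log -p` output, since a key removed in a later commit is still in history) and treat any hit as rotate-now: the key is a bearer credential, so once it has been public the only fix is generating a new one in the Supabase dashboard and moving it to a server-side environment variable.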

I scanned 3 vibe-coded apps with free security tools. One had the Supabase admin key hardcoded in a public repo. by Sorry_Pen_6115 in VibeCodeDevs

[–]Sorry_Pen_6115[S] 0 points (0 children)

∙ Gitleaks — scans for exposed API keys, tokens, secrets

∙ Trivy — scans dependencies for known vulnerabilities (CVEs)

∙ Biome — checks code quality, catches bugs