Skip to main content
Scanners

Security Scanners Scanner

Local security scanner orchestration and readiness analysis.

The Security Scanners scanner detects installed security tools and their readiness status. Rather than duplicating existing scanners, it orchestrates and reports on your local security tool chain.


Supported Scanners

ScannerPurposeConfig Files
gitleaksSecret scanning.gitleaks.toml
trivyContainer & filesystem vulnerabilitiestrivy.yaml
semgrepStatic analysis.semgrep.yml, .semgrep/
snykDependency vulnerabilities.snyk
checkovIaC security.checkov.yaml
trufflehogSecret detectionN/A
grypeVulnerability scanningN/A

Detection Status

For each scanner, Vibgrate reports:

StatusDescription
InstalledFound in PATH
VersionCurrent installed version
Config foundLocal config file present
Version freshnessHow old compared to latest release

Use Cases

CI Security Readiness

Verify security tools are available before running scans:

- name: Check security tools
  run: |
    MISSING=$(npx @vibgrate/cli scan --format json | jq '[.securityScanners | to_entries[] | select(.value.installed == false) | .key] | length')
    if [ "$MISSING" -gt 0 ]; then
      echo "Missing security scanners detected — install them before scanning"
      exit 1
    fi

Security Onboarding

For new repositories, ensure standard security tools are configured:

vg scan --format json | jq '.securityScanners | to_entries[] | "(.key): (if .value.installed then "✅" else "❌" end)"'

Example Output

{
  "securityScanners": {
    "gitleaks": {
      "installed": true,
      "version": "8.18.1",
      "latestVersion": "8.18.2",
      "configFound": true,
      "configPath": ".gitleaks.toml"
    },
    "trivy": {
      "installed": true,
      "version": "0.48.0",
      "latestVersion": "0.49.1",
      "configFound": false
    },
    "semgrep": {
      "installed": false,
      "installCommand": "brew install semgrep"
    },
    "snyk": {
      "installed": true,
      "version": "1.1260.0",
      "configFound": true,
      "configPath": ".snyk"
    }
  }
}

Limitations

This scanner reports tool availability, not scan results:

What It DoesWhat It Does NOT Do
Detect installed toolsRun security scans
Check config filesParse scan results
Suggest installationsReplace your security pipeline

For actual security scanning, use the detected tools directly in your CI pipeline.

Related Documentation