Drift and vuln gates for CI that won't leak secrets or hang offline.
Platform teams need one gate they can drop into every pipeline: machine-readable output, an exit code that actually fails the build, a drift budget you set, and a scan that runs offline without touching your secrets. That's the Vibgrate CLI — and it keeps every repo on your golden path.
vg scan --format sarif --fail-on errorFree CLI · offline capable · nothing uploads unless you push it
- Writes SARIF for GitHub code scanning
- Non-zero exit code fails the build
- Caps drift with --drift-budget <score>
- Runs fully offline / air-gapped
- Secrets are never written to disk or uploaded
Your first 10 minutes
Free CLI, offline capable. Nothing uploads unless you push it.
One command, no install — a DriftScore plus the CI systems, Docker base images, and IaC tooling the repo actually uses.
Capture where the repo stands today, so gates fail on regressions — not on history.
The same gate in every pipeline. SARIF output feeds GitHub code scanning.
Platform Visibility at Scale
Platform engineering is about providing golden paths — standardized CI pipelines, approved container images, consistent infrastructure patterns. But as your org grows, repos drift. Teams customize pipelines. New cloud services get added without review. Before you know it, you're managing 50 different configurations.
Vibgrate gives you both the inventory and the gate. Every scan records which CI systems, Docker base images, and IaC tools each repo uses — and the same scan fails the pipeline when a repo drifts past the budget you set.
- CI systems, Docker base images, and IaC tooling recorded in every scan
- vg scan --fail-on error and --drift-budget <score> gates in any pipeline
- SARIF output for GitHub code scanning
- Baselines (vg baseline) so gates fail on regressions, not history
Why Platform Engineers Choose Vibgrate
SARIF Output
vg scan --format sarif writes SARIF that drops straight into GitHub code scanning — and any tool that reads the format. Machine-readable results, no bespoke parsing.
Meaningful Exit Codes
Use --fail-on warn|error to return a non-zero exit code, so a drifted or vulnerable repo fails the build instead of passing quietly.
Drift Budgets & Baselines
Cap allowed drift with --drift-budget <score>, and use vg baseline so gates fail on new regressions, not on history you inherited.
Air-Gapped & Offline
The scan runs fully offline. No network call is required, so it works in locked-down and air-gapped CI runners.
Secrets Never Persisted
Vibgrate CLI reads your code locally and never writes secrets to disk or uploads them. Nothing leaves the machine unless you push results to Vibgrate Cloud.
One CLI, Every Ecosystem
The same scan covers ~19 ecosystems — Node, .NET, Python, Java, Go, Rust, Ruby, PHP, Swift, Dart, Elixir, Docker, Helm, and Terraform. One tool to roll out, not one per stack.
Service Dependency Mapping
Vibgrate discovers third-party services from each repo's dependencies — cloud providers, databases, auth, email, payments, messaging, observability, storage, and search — so you can review what every project actually depends on.
Spot unapproved services before they become entrenched. On the Business plan, define policies once in Vibgrate Cloud and track violations per repo instead of re-checking by hand.
Try it in your pipeline
Install the Vibgrate CLI however you ship, then drop vg scan --format sarif --fail-on error into any pipeline. No sign-up. Nothing uploads unless you push it.
# Run without installing anything
npx @vibgrate/cli scan
# Pin a version or see every command
npx @vibgrate/cli@latest --helpno install·Nothing is installed globally — ideal for CI or a one-off scan.