Skip to main content
Back to Home
For Platform Engineers

Drift and vuln gates for CI that won't leak secrets or hang offline.

Platform teams need one gate they can drop into every pipeline: machine-readable output, an exit code that actually fails the build, a drift budget you set, and a scan that runs offline without touching your secrets. That's the Vibgrate CLI — and it keeps every repo on your golden path.

Try the Vibgrate CLIvg scan --format sarif --fail-on error

Free CLI · offline capable · nothing uploads unless you push it

Quick Start

Your first 10 minutes

Free CLI, offline capable. Nothing uploads unless you push it.

1Scan one repo
$ npx @vibgrate/cli scan

One command, no install — a DriftScore plus the CI systems, Docker base images, and IaC tooling the repo actually uses.

2Set the baseline
$ vg baseline
$ vg scan --baseline .vibgrate/baseline.json

Capture where the repo stands today, so gates fail on regressions — not on history.

3Gate the pipeline
$ vg scan --format sarif --fail-on error

The same gate in every pipeline. SARIF output feeds GitHub code scanning.

The Challenge

Platform Visibility at Scale

Platform engineering is about providing golden paths — standardized CI pipelines, approved container images, consistent infrastructure patterns. But as your org grows, repos drift. Teams customize pipelines. New cloud services get added without review. Before you know it, you're managing 50 different configurations.

Vibgrate gives you both the inventory and the gate. Every scan records which CI systems, Docker base images, and IaC tools each repo uses — and the same scan fails the pipeline when a repo drifts past the budget you set.

  • CI systems, Docker base images, and IaC tooling recorded in every scan
  • vg scan --fail-on error and --drift-budget <score> gates in any pipeline
  • SARIF output for GitHub code scanning
  • Baselines (vg baseline) so gates fail on regressions, not history
Key Benefits

Why Platform Engineers Choose Vibgrate

SARIF Output

vg scan --format sarif writes SARIF that drops straight into GitHub code scanning — and any tool that reads the format. Machine-readable results, no bespoke parsing.

Meaningful Exit Codes

Use --fail-on warn|error to return a non-zero exit code, so a drifted or vulnerable repo fails the build instead of passing quietly.

Drift Budgets & Baselines

Cap allowed drift with --drift-budget <score>, and use vg baseline so gates fail on new regressions, not on history you inherited.

Air-Gapped & Offline

The scan runs fully offline. No network call is required, so it works in locked-down and air-gapped CI runners.

Secrets Never Persisted

Vibgrate CLI reads your code locally and never writes secrets to disk or uploads them. Nothing leaves the machine unless you push results to Vibgrate Cloud.

One CLI, Every Ecosystem

The same scan covers ~19 ecosystems — Node, .NET, Python, Java, Go, Rust, Ruby, PHP, Swift, Dart, Elixir, Docker, Helm, and Terraform. One tool to roll out, not one per stack.

Topology

Service Dependency Mapping

Vibgrate discovers third-party services from each repo's dependencies — cloud providers, databases, auth, email, payments, messaging, observability, storage, and search — so you can review what every project actually depends on.

Spot unapproved services before they become entrenched. On the Business plan, define policies once in Vibgrate Cloud and track violations per repo instead of re-checking by hand.

Try it in your pipeline

Install the Vibgrate CLI however you ship, then drop vg scan --format sarif --fail-on error into any pipeline. No sign-up. Nothing uploads unless you push it.

# Run without installing anything
npx @vibgrate/cli scan

# Pin a version or see every command
npx @vibgrate/cli@latest --help

no install·Nothing is installed globally — ideal for CI or a one-off scan.