Security5 min read

Offline Mode and Air-Gapped Scanning: Full Drift Intelligence Without Network Access

Some environments cannot reach the internet — defense, healthcare, financial services, or simply a laptop on a plane. Vibgrate's offline mode provides full drift scanning without any network calls, using a downloadable package-version manifest for version lookups.

Peter Chapman

Peter Chapman

Vibgrate Blog

When the Network Is Not an Option

Not every environment has internet access. Defense contractors work in SCIFs. Healthcare systems operate in isolated networks. Financial services firms run CI in air-gapped enclaves. And sometimes you are just on a plane and want to check your drift score.

Vibgrate's --offline flag was built for all of these scenarios.

How Offline Mode Works

vibgrate scan . --offline

When --offline is set:

  • No registry lookups: The CLI does not contact npm, NuGet, PyPI, or Maven registries.
  • No push behavior: Dashboard upload is automatically disabled.
  • No network calls of any kind: Nothing leaves your machine.

The trade-off is that without registry access, Vibgrate cannot determine the latest version of each package. Package freshness is marked as "unknown" and the drift score is necessarily partial.

The Package Manifest: Full Scoring Offline

To get complete drift scoring in offline environments, use a downloadable package-version manifest:

vibgrate scan . --offline --package-manifest ./latest-packages.zip

The manifest is a snapshot of the latest stable versions from the major registries (npm, NuGet, PyPI, Maven). Download it from a connected system and transfer it to your air-gapped environment:

# On a connected machine:
curl -o latest-packages.zip https://github.com/vibgrate/manifests/latest-packages.zip

# Transfer to air-gapped environment via approved media
# Then scan:
vibgrate scan . --offline --package-manifest ./latest-packages.zip

With the manifest, Vibgrate has everything it needs to compute a full drift score — without making a single network call.

Combining Offline with Other Flags

Offline mode works with all other scan options:

# Offline scan with JSON output
vibgrate scan . --offline --package-manifest ./latest-packages.zip --format json --out scan.json

# Offline scan with baseline comparison
vibgrate scan . --offline --package-manifest ./latest-packages.zip --baseline .vibgrate/baseline.json --drift-budget 40

# Offline scan with no local artifacts (maximum privacy)
vibgrate scan . --offline --package-manifest ./latest-packages.zip --no-local-artifacts --max-privacy

Practical Workflow for Air-Gapped Environments

  1. Download the manifest bundle on a connected machine (weekly or as often as your policy allows).
  2. Transfer it to the air-gapped environment via your approved data transfer process.
  3. Run the scan with --offline --package-manifest.
  4. Review findings locally — or export JSON/Markdown for sharing via approved channels.
  5. Optionally update the baseline if you make upgrades: vibgrate baseline .

The manifest is typically a few megabytes and updates weekly. Even with a monthly update cycle, your drift scores will be accurate to within a few weeks — far better than no scoring at all.

No Login, No Account, No SaaS Dependency

Offline mode is not a degraded experience with nagging upsell prompts. The Vibgrate CLI provides full value locally without any server connection. There is no login screen, no trial expiration, no feature gating. Offline is a first-class usage mode.

The Vibgrate Drift Intelligence Engine was built with the principle that drift analysis should be possible anywhere code exists — regardless of network connectivity, security classification, or organizational policy.

Scan anywhere. Sign up at dash.vibgrate.com to download the latest package manifest and start running drift scans in any environment — connected or not.

Topics

#offline-mode#air-gapped#privacy#vibgrate-cli#package-manifest#defense

Sources & References

Back to all articles