Changelog

What's new in VibeScan.

Product updates, new security checks, scanner improvements, and research releases.

v1.4.0FeatureMay 20, 2025

Research report: 50 AI-built apps analysed

  • Published original security research: We Scanned 50 AI-Built Apps.
  • Added bar chart visualisations showing prevalence of each vulnerability class.
  • Found 89% of vibe-coded apps have at least one critical issue.
Read more →
v1.3.0FeatureMay 15, 2025

Comparison pages, methodology, security disclosure

  • Added /methodology: full transparency page documenting all 8 checks, accuracy limitations, and data handling.
  • Added /security: responsible disclosure policy with safe harbor language.
  • Added /compare/vibescan-vs-snyk, /compare/vibescan-vs-aikido, /compare/vibescan-vs-guardmint.
  • Added /status page with 90-day uptime history.
v1.2.0FeatureMay 10, 2025

Deep-dive security pages and sample report

  • Added /sample-report: full report preview with passed checks, blurred AI fix prompts, and CTA.
  • Added 4 security deep-dive pages: /exposed-supabase-key, /missing-rls, /open-admin-route, /cors-misconfiguration.
  • Each deep-dive includes step-by-step fix guides and copy-paste AI prompts.
  • Added /pricing standalone page with feature matrix and FAQ.
v1.1.0SecurityMay 3, 2025

Supabase RLS signal detection

  • New check: Supabase RLS signals — detects unauthenticated REST API responses returning row data.
  • New check: service role key pattern — flags the SUPABASE_SERVICE_ROLE_KEY if found in public JS.
  • Improved secrets detection: reduced false positives on documentation strings and placeholder values.
  • Added Replit and v0 stack detection.
v1.0.0LaunchApril 21, 2025

Public launch

  • VibeScan launches publicly.
  • Core checks: HTTPS, security headers (6 headers), CORS policy, secrets in JS bundles, robots.txt disclosure.
  • Security score (0–100) and letter grade (A–F).
  • Shareable report URLs with embeddable security badge.
  • Stripe checkout for Launch plan ($29/mo).