Changelog
What's new in VibeScan.
Product updates, new security checks, scanner improvements, and research releases.
v1.4.0FeatureMay 20, 2025
Research report: 50 AI-built apps analysed
- →Published original security research: We Scanned 50 AI-Built Apps.
- →Added bar chart visualisations showing prevalence of each vulnerability class.
- →Found 89% of vibe-coded apps have at least one critical issue.
v1.3.0FeatureMay 15, 2025
Comparison pages, methodology, security disclosure
- →Added /methodology: full transparency page documenting all 8 checks, accuracy limitations, and data handling.
- →Added /security: responsible disclosure policy with safe harbor language.
- →Added /compare/vibescan-vs-snyk, /compare/vibescan-vs-aikido, /compare/vibescan-vs-guardmint.
- →Added /status page with 90-day uptime history.
v1.2.0FeatureMay 10, 2025
Deep-dive security pages and sample report
- →Added /sample-report: full report preview with passed checks, blurred AI fix prompts, and CTA.
- →Added 4 security deep-dive pages: /exposed-supabase-key, /missing-rls, /open-admin-route, /cors-misconfiguration.
- →Each deep-dive includes step-by-step fix guides and copy-paste AI prompts.
- →Added /pricing standalone page with feature matrix and FAQ.
v1.1.0SecurityMay 3, 2025
Supabase RLS signal detection
- →New check: Supabase RLS signals — detects unauthenticated REST API responses returning row data.
- →New check: service role key pattern — flags the SUPABASE_SERVICE_ROLE_KEY if found in public JS.
- →Improved secrets detection: reduced false positives on documentation strings and placeholder values.
- →Added Replit and v0 stack detection.
v1.0.0LaunchApril 21, 2025
Public launch
- →VibeScan launches publicly.
- →Core checks: HTTPS, security headers (6 headers), CORS policy, secrets in JS bundles, robots.txt disclosure.
- →Security score (0–100) and letter grade (A–F).
- →Shareable report URLs with embeddable security badge.
- →Stripe checkout for Launch plan ($29/mo).