Documentation
Wire Vibe Shield into your build & ops loop
Five integration paths, one control plane. Pick the entry point that matches where your risk lives today.
Quickstart
- Create a workspace at /login — takes ~60 seconds.
- Step through the 5-stage onboarding (workspace → alerts → token → invites → trust badge).
- Connect your first source: GitHub repo, CI pipeline, or upload scan output via API.
- Review findings in /scans and configure auto-remediation thresholds.
- Publish your /trust badge so customers can verify posture in real time.
API Reference
All public endpoints are under /api/public/v1/ and require a bearer token from Settings → API tokens.
curl -X POST https://vibeshield.aitwcloud.com/api/public/v1/scan \
  -H "Authorization: Bearer vs_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "repo": "my-org/my-app",
    "commit": "a1b2c3d",
    "findings": [{ "type": "secret", "severity": "high", "file": "config.ts" }]
  }'
CI/CD Setup
GitHub Actions example — fails the PR if any critical findings appear:
- name: Vibe Shield scan
  uses: vibeshield/scan-action@v1
  with:
    token: ${{ secrets.VIBESHIELD_TOKEN }}
    fail-on: critical
GitLab, CircleCI, and Bitbucket recipes are in CI/CD Integrations.
Trust Badge Embed
Drop this on your marketing site to display live posture:
<a href="https://vibeshield.aitwcloud.com/trust/your-slug">
  <img
    src="https://vibeshield.aitwcloud.com/api/public/v1/badge/your-slug"
    alt="Verified by Vibe Shield"
    width="200"
    height="60"
  />
</a>
Webhook Payloads
Configure receiver URLs in Notifications. Each event carries an HMAC-SHA256 signature in the X-VibeShield-Signature header.
{
  "event": "finding.critical",
  "workspace": "acme",
  "scan_id": "scn_01J...",
  "finding": {
    "id": "fnd_01J...",
    "type": "secret",
    "severity": "critical",
    "file": "src/config.ts",
    "line": 42
  },
  "timestamp": "2026-05-27T12:00:00Z"
}
Alert Channels
Slack, generic webhook, and email channels with a per-channel minimum risk threshold. See Notifications to wire one up — Slack uses incoming webhooks (no OAuth needed).
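A receiver should authenticate the X-VibeShield-Signature header described under Webhook Payloads before acting on an event. The sketch below is an added example, not Vibe Shield's own code. It assumes the header is the hex HMAC-SHA256 of the raw request body under a per-receiver shared secret (the page does not state the encoding or the signed bytes), and the five-minute freshness window, the secret, the ids and the function names are all constructed for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed values for the example; not real credentials.
SECRET = b"example-webhook-secret"
MAX_AGE = timedelta(minutes=5)  # assumed replay window, not from the docs

# Sample body modelled on the payload shown above (ids are constructed).
SAMPLE_BODY = json.dumps({
    "event": "finding.critical",
    "workspace": "acme",
    "scan_id": "scn_EXAMPLE",
    "finding": {"id": "fnd_EXAMPLE", "type": "secret",
                "severity": "critical", "file": "src/config.ts", "line": 42},
    "timestamp": "2026-05-27T12:00:00Z",
}).encode()


def sign(secret: bytes, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 over the raw body (hex encoding is an assumption)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_event(secret: bytes, raw_body: bytes, signature_header, now=None) -> dict:
    """Return the parsed event if authentic and fresh; raise ValueError otherwise."""
    if not signature_header:
        raise ValueError("missing X-VibeShield-Signature")
    expected = sign(secret, raw_body).encode()
    supplied = signature_header.strip().lower().encode("utf-8", "replace")
    # Constant-time comparison so mismatches leak no timing information.
    if not hmac.compare_digest(expected, supplied):
        raise ValueError("signature mismatch")
    # Parse only after the bytes are authenticated, and verify the exact
    # bytes received: re-serialised JSON would produce a different MAC.
    event = json.loads(raw_body)
    try:
        sent = datetime.fromisoformat(str(event["timestamp"]).replace("Z", "+00:00"))
        if sent.tzinfo is None:
            raise ValueError("timestamp has no timezone")
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError("missing or malformed timestamp") from exc
    now = now or datetime.now(timezone.utc)
    if abs(now - sent) > MAX_AGE:
        raise ValueError("stale event, possible replay")
    return event
```

Pass the request body exactly as received from the socket; most web frameworks expose it separately from the parsed JSON.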