Documentation
Explore Vigil's guides and technical reference
Introduction
Welcome to the documentation for vigil, the security scanner for AI-generated code.
Quick Start
Installation, first scan, and basic concepts.
CLI Reference
All commands, flags, and options available in the command-line interface.
Configuration
.vigil.yaml file, strategies, overrides, and config merge.
Rules Catalog
All 26 vigil rules across 4 categories with vulnerable code examples.
Output Formats
Human, JSON, JUnit XML, and SARIF 2.1.0 — available report formats.
CI/CD Integration
GitHub Actions, GitLab CI, Azure DevOps, pre-commit hooks, and quality gates.
Docker
Container usage, reference Dockerfile, and best practices.
Security
Threat model, OWASP alignment, CWE references, and vigil limitations.
Analyzers
Technical reference for implemented analyzers: DependencyAnalyzer, AuthAnalyzer, SecretsAnalyzer, and TestQualityAnalyzer.
Architecture
Internal structure, engine flow, analyzer protocol, and design decisions.
Best Practices
Recommendations for teams using AI agents to generate code.
Compliance & Enterprise Usage
Alignment with OWASP, CRA, SOC 2, ISO 27001, NIST, and enterprise pipeline usage.
Contributing
Guide to contributing to the project, development setup, and testing.