Getting started
What VibeReview learns from your code (and what it doesn't store)
Threat models, guardrails, and OWASP mappings persist. Raw code does not. Here is the line between derived artifacts and source.
When you connect a repo, VibeReview's profiler reads the code inside a per-request compute worker. That worker is torn down as soon as the threat model has been generated, and the raw code goes with it. What persists is the derived data: the threat model, the guardrails, the OWASP and CWE mappings, and the code-profile metadata.
Persisted artifacts
- Code profile (languages, frameworks, dependencies, structural patterns)
- Threat model (entry points, trust boundaries, data flows, AI failure modes)
- Guardrails (YAML files in a repo your team owns)
- OWASP, CWE, and framework taxonomy mappings per finding
- PR review comments and the audit log of guardrail enforcement
What is never persisted
Source code. Test data. Repository secrets. The profiler workload reads code only to build the artifacts listed above and is torn down on completion. There is no engineer-facing shell into a customer workload, no offline copy, and no debug snapshot.