Vigolium continuously scans popular open-source projects to validate detection coverage and demonstrate real-world results. These showcases are generated using Vigolium’s full scanning pipeline, native modules, agentic analysis (swarm + autopilot), and vigolium-audit whitebox security audits, against publicly available codebases.

Showcase Dashboard
Browse all scan results at demo.vigolium.com/showcases.

Aggregate Results

| Metric | Count | Detail |
|---|---|---|
| Findings | 2,468 | vulnerabilities surfaced |
| Repositories | 69 | open-source projects audited |
| Lines of code | 90.2M | 407,919 files |
| Commits | 1.5M | history scanned |

What Gets Scanned
Each project goes through multiple scanning phases:

| Phase | Description |
|---|---|
| Native scan | Deterministic module-based scanning across all 235 active + passive modules |
| Vigolium audit | Multi-phase AI security audit with adversarial debate chambers and cold verification |
| Agentic analysis | AI-driven review using Swarm mode for attack planning, triage, and custom extension generation |

How to Read the Reports
Each showcase report includes:

- Severity rating: Critical, High, Medium, or Informational
- Vulnerability type: Mapped to CWE identifiers where applicable
- Affected endpoint or code path: With request/response evidence for DAST findings and file/line references for SAST findings
- Confidence level: Based on detection method (strict match, heuristic, or AI-assisted)
Findings are from automated scans against public repositories. Some results may be informational or context-dependent. Always verify findings before acting on them.
