> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vigolium.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Open-Source Audit Showcases

> Real vulnerability scan reports from popular open-source projects, powered by Vigolium's agentic scanning engine

Vigolium continuously scans popular open-source projects to validate detection coverage and demonstrate real-world results. These showcases are generated using Vigolium's full scanning pipeline, native modules, agentic analysis (swarm + autopilot), and vigolium-audit whitebox security audits, against publicly available codebases.

## Showcase Dashboard

Browse all scan results at [demo.vigolium.com/showcases](https://demo.vigolium.com/showcases).

<Frame caption="Project list with severity breakdown per repository">
  <img src="https://mintcdn.com/vigolium/INiehdljY0lmbxY9/images/vigolium-opensource-audit-list.png?fit=max&auto=format&n=INiehdljY0lmbxY9&q=85&s=e3f375460a4e4cc320091fafe49b682a" alt="Open-source audit project list" width="2624" height="2366" data-path="images/vigolium-opensource-audit-list.png" />
</Frame>

<Frame caption="Detailed findings view for an individual project">
  <img src="https://mintcdn.com/vigolium/INiehdljY0lmbxY9/images/vigolium-opensource-audit-blur.png?fit=max&auto=format&n=INiehdljY0lmbxY9&q=85&s=d8dd70495db5500b4f0035bb0a25beed" alt="Open-source audit findings detail" width="2624" height="2366" data-path="images/vigolium-opensource-audit-blur.png" />
</Frame>

## Aggregate Results

| Metric            | Count | Detail                       |
| ----------------- | ----- | ---------------------------- |
| **Findings**      | 2,468 | vulnerabilities surfaced     |
| **Repositories**  | 69    | open-source projects audited |
| **Lines of code** | 90.2M | 407,919 files                |
| **Commits**       | 1.5M  | history scanned              |

## What Gets Scanned

Each project goes through multiple scanning phases:

| Phase                | Description                                                                                    |
| -------------------- | ---------------------------------------------------------------------------------------------- |
| **Native scan**      | Deterministic module-based scanning across all 313 active + passive modules                    |
| **Vigolium audit**   | Multi-phase AI security audit with adversarial debate chambers and cold verification           |
| **Agentic analysis** | AI-driven review using Swarm mode for attack planning, triage, and custom extension generation |

## How to Read the Reports

Each showcase report includes:

* **Severity rating**: Critical, High, Medium, or Informational
* **Vulnerability type**: Mapped to CWE identifiers where applicable
* **Affected endpoint or code path**: With request/response evidence for DAST findings and file/line references for SAST findings
* **Confidence level**: Based on detection method (strict match, heuristic, or AI-assisted)

<Note>
  Findings are from automated scans against public repositories. Some results may be informational or context-dependent. Always verify findings before acting on them.
</Note>
