Do you think we should trust a security scanner that was vibe coded over three days?
debu_sinha_1•1h ago
Fair question. The commit history is compressed, but the quality bar is the same
regardless of timeline:
- 206 tests across 18 test files (unit + integration)
- Benchmark on a 20-fixture suite: P=0.82, R=1.00, F1=0.90, Critical Recall 1.00
- Cross-platform CI (Python 3.10/3.12/3.13 on Ubuntu + macOS)
- Fully type-checked with mypy strict mode
- Self-scan in CI (agentsec scans itself every push)
- pip-audit for dependency vulnerabilities
- SARIF output validated against the spec
The benchmark, test suite, and all case study artifacts are reproducible --
scripts are in the repo if you want to verify.
I'd rather people judge the tool by its detection accuracy and false positive
rate than by the git log dates. The benchmark data is public and the methodology
is documented.
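To make the benchmark figures in the reply concrete, here is an added scorer for a fixture suite of the kind described (editor's example, not agentsec's own code or methodology). The fixtures, rule names and scanner output are constructed; a finding is matched on (fixture, rule), severity comes from the ground truth, and "critical recall" is recall restricted to findings the ground truth marks critical. It also computes a Wilson lower bound, because a perfect recall on a 20-fixture suite is compatible with a noticeably lower true rate.

```python
"""Score a scanner run against a fixture suite: precision, recall, F1,
critical recall, and a confidence bound for recall on a small suite."""
from collections import namedtuple
from math import sqrt

# A finding is identified by (fixture, rule); severity comes from ground truth.
Finding = namedtuple("Finding", "fixture rule")

# Constructed ground truth for five hypothetical fixtures (not agentsec's suite).
EXPECTED = {
    Finding("fx01_prompt_injection", "prompt-injection"): "critical",
    Finding("fx02_secret_in_config", "hardcoded-secret"): "high",
    Finding("fx03_tool_ssrf", "ssrf"): "critical",
    Finding("fx04_pickle_load", "insecure-deserialization"): "high",
    # fx05_clean is a benign fixture: anything reported there is a false positive.
}

# Constructed scanner output: all four true findings plus two false positives.
REPORTED_GOOD = {
    Finding("fx01_prompt_injection", "prompt-injection"),
    Finding("fx02_secret_in_config", "hardcoded-secret"),
    Finding("fx02_secret_in_config", "ssrf"),            # FP: wrong rule on a real fixture
    Finding("fx03_tool_ssrf", "ssrf"),
    Finding("fx04_pickle_load", "insecure-deserialization"),
    Finding("fx05_clean", "hardcoded-secret"),           # FP: finding on a benign fixture
}

# Same run, but the critical SSRF finding is missed.
REPORTED_MISSED_CRITICAL = REPORTED_GOOD - {Finding("fx03_tool_ssrf", "ssrf")}


def score(expected, reported):
    """Precision/recall/F1 over (fixture, rule) matches, plus recall on
    critical-severity ground truth only."""
    exp = set(expected)
    tp = exp & reported
    fp = reported - exp
    fn = exp - reported
    precision = len(tp) / len(reported) if reported else 0.0
    recall = len(tp) / len(exp) if exp else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    critical = {f for f, sev in expected.items() if sev == "critical"}
    critical_recall = len(critical & reported) / len(critical) if critical else 1.0
    return {
        "tp": len(tp), "fp": len(fp), "fn": len(fn),
        "precision": round(precision, 3), "recall": round(recall, 3),
        "f1": round(f1, 3), "critical_recall": round(critical_recall, 3),
        "false_positives": sorted(fp),
    }


def wilson_lower(successes, n, z=1.96):
    """Lower bound of the Wilson score interval for k/n: how low the true rate
    could plausibly be given the observed count. A perfect score on a small
    suite has a wide interval."""
    if n == 0:
        return 0.0
    p = successes / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return centre - half


if __name__ == "__main__":
    for name, run in (("all found", REPORTED_GOOD),
                      ("critical missed", REPORTED_MISSED_CRITICAL)):
        print(name, score(EXPECTED, run))
    # 20/20 recall still has a 95% Wilson lower bound of roughly 0.84.
    print("Wilson lower bound for 20/20 recall:", round(wilson_lower(20, 20), 3))
```

The second run shows why critical recall is reported as its own number: dropping one finding moves overall recall from 1.0 to 0.75 but halves critical recall, which is the figure that matters for a security gate. The Wilson bound is the check to apply to any small-suite claim: with n=20, the lower bound on a recall of 1.00 is about 0.84, so the suite size should be read alongside the score.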
verdverm•23m ago
AI bots and other automated tools for posting are against HN rules.
FYI, it's not about the commits per se, it's about expertise and experience in one of the most critical areas of computing. Only a fool would use something vibe coded for security.