Name: GitHubMate
Author: Manoj Alwis

Question 1

What is vibe-code security?

Accepted Answer

Vibe-coding refers to AI-assisted development where developers use tools like ChatGPT, Copilot, or Claude to generate large amounts of code quickly. This code often contains security anti-patterns: hardcoded API keys, missing authentication checks, SQL injection via string concatenation, and prompt injection vulnerabilities. GitHubMate detects 30+ AI-specific security patterns across web, mobile, and backend codebases.

Question 2

What is OWASP LLM Top 10?

Accepted Answer

The OWASP LLM Top 10 (2025) is the definitive security standard for applications using Large Language Models. It covers LLM01 Prompt Injection, LLM02 Insecure Output Handling, LLM03 Training Data Poisoning, LLM04 Model DoS, LLM05 Supply Chain, LLM06 Sensitive Data Disclosure, LLM07 Insecure Plugin Design, LLM08 Excessive Agency, LLM09 Misinformation, and LLM10 LLM Jacking. GitHubMate provides full coverage of all 10 categories through static pattern matching on source code.

Question 3

Is GitHubMate free?

Accepted Answer

Yes. GitHubMate is completely free with no account or signup required. You can scan any public GitHub repository instantly. Optionally connect your GitHub account to unlock private repo scanning and 5,000 API requests per hour (vs 60/hr unauthenticated).

Question 4

What is LLM jacking?

Accepted Answer

LLM Jacking (LLM10 in the OWASP LLM Top 10) occurs when attackers steal cloud credentials — AWS, Azure, GCP — from AI application source code to abuse expensive LLM APIs at the victim's cost. Real incidents have reached $46,000/day in unauthorized API charges. GitHubMate detects hardcoded cloud credentials and AI API keys that enable LLM jacking.

Question 5

How does GitHubMate detect secrets?

Accepted Answer

GitHubMate uses two techniques: (1) Named pattern matching for 30+ specific token formats including AWS access keys, OpenAI keys, Anthropic keys, GitHub PATs, Stripe keys, Twilio, SendGrid, and RSA/SSH keys. (2) Shannon entropy analysis — strings with entropy above 4.0 bits per character near secret-related keywords are flagged as potential unknown secrets.

Question 6

Does GitHubMate scan Dockerfiles and Terraform?

Accepted Answer

Yes. GitHubMate includes IaC security scanning for Dockerfiles (root user, latest tags, cap-add=ALL, SSH exposure), docker-compose (privileged containers, host networking), Kubernetes YAML (privileged pods, hostNetwork, allowPrivilegeEscalation), Terraform (open security groups, public S3 buckets, unencrypted RDS), and Fastlane (hardcoded App Store credentials in mobile CI/CD).

Question 7

What programming languages and ecosystems does GitHubMate support?

Accepted Answer

GitHubMate supports all major languages and ecosystems. Dependency CVE scanning covers npm (JavaScript/Node.js), PyPI (Python), Go modules, crates.io (Rust), RubyGems (Ruby), Maven (Android/Java), Pub (Flutter/Dart), and CocoaPods (iOS). SAST pattern matching covers JavaScript, TypeScript, Python, Java, Go, PHP, Ruby, and mobile frameworks including React Native, Flutter, Android, and iOS.

Question 8

What is the difference between GitHubMate and other security scanners?

Accepted Answer

GitHubMate is the only free scanner with dedicated vibe-code and AI-generated code risk detection, combining OWASP LLM Top 10 (2025) coverage with traditional OWASP Top 10:2021, secret scanning, live CVE lookup, and IaC scanning in a single client-side tool. No installation, no signup, no backend — everything runs in the browser using the GitHub API.

Question 9

Who created GitHubMate?

Accepted Answer

GitHubMate was created by Manoj Alwis, a software engineer and security tool builder. Manoj Alwis is the founder of GitHubMate and the author of the GitHubMate VS Code extension (publisher: ManojAlwis on the Visual Studio Code Marketplace). You can find him on GitHub at github.com/manojalwisnz and LinkedIn at au.linkedin.com/in/manojalwis.

Question 10

Who is Manoj Alwis?

Accepted Answer

Manoj Alwis is a software engineer and the founder of GitHubMate — a free AI-generated code security scanner with full OWASP LLM Top 10 (2025) coverage. He built GitHubMate to help developers detect security vulnerabilities in AI-generated and vibe-coded projects. Manoj Alwis is also the author of the GitHubMate VS Code extension available on the Visual Studio Code Marketplace.

Question 11

Does GitHubMate have a VS Code extension?

Accepted Answer

Yes. GitHubMate is available as a VS Code extension (publisher: ManojAlwis) on the Visual Studio Code Marketplace. It provides the same scanning engine with inline diagnostics in the VS Code Problems panel, an interactive security dashboard webview, SBOM export, and encrypted SecretStorage for API keys.