Algoshred/vibe-plugin-security-incident

# @vibecontrols/vibe-plugin-security-incident Targeted incident-response scanner for the `incident.response` lifecycle stage in [VibeControls](https://vibecontrols.com). Registers under provider name `cve-secret-blast-radius` against provider type `security.incident`, wrapping pinned Gitleaks (`8.21.2`) and Grype (`0.83.0`) restricted to the caller's targeted CVE / secret-rule subset. **Wave 2 scaffold — real tool integration pending.** The host security meta plugin ([`@vibecontrols/vibe-plugin-security`](https://www.npmjs.com/package/@vibecontrols/vibe-plugin-security)) dispatches incident-triage scan runs to this provider when the user picks "cve-secret-blast-radius" as their default for `incident.response`. ## Install vibe plugin install @vibecontrols/vibe-plugin-security-incident vibe security providers set-default --stage incident.response --provider cve-secret-blast-radius ## Planned behavior ## Configuration Per-vibe / per-incident config (stored in `RepositorySecurityConfig.pluginAssignments["incident.response"].config`): provider: cve-secret-blast-radius config: cves: - CVE-2024-12345 - CVE-2024-67890 secretRules: - aws-access-token - generic-api-key timeoutMs: 60000 # hard cap for sub-60s triage ## About VibeControls **VibeControls** is the agentic engineering mission control for AI-native teams. Vibe-plugins extend the VibeControls agent with new providers, tools, sessions, tunnels, storage backends, and security stages. - Website: - Documentation: - Plugin SDK: - All plugins: ## License Released under the [MIT License](./LICENSE). Copyright (c) 2026 Burdenoff Consultancy Services Private Limited, Algoshred Technologies Private Limited, and all its sister companies. Maintainer: **Vignesh T.V** —

标签：自动化攻击