Committed Secrets Exposure
What it is
Git history scanner evidence indicates that secret material was committed to repository history.
This usually appears when generated code proves that a feature works but does not leave enough evidence that the launch boundary was checked.
How to fix it
Revoke and rotate affected credentials, inspect access logs, remove reachable history when feasible, and enforce pre-commit/CI secret scanning.
- 1Apply the remediation at the trusted server or deployment boundary.
- 2Add a regression test or smoke check that proves the intended control.
- 3Re-run VibeAudit with the relevant evidence class and keep unsupported scope visible.
How VibeAudit checks for this
VibeAudit checks this with scoped evidence from supported structural checks, external observations, and authorized probes where available. The free tier may show the surface name and an upgrade prompt, without private evidence or remediation details. Metadata-only surface maps do not create missing-control findings. Unsupported private repositories, authenticated behavior, destructive workflows, account configuration, and business logic remain unverified unless the scan includes matching local, imported, or authorized runtime evidence.
Related failure modes
Check your public launch surface and keep unsupported scope visible.
Run Quick Scan