FixVibe


Scan types

FixVibe runs three types of scan against three types of target. Each has different gating, different speed, and a different blast radius; choose the one that fits what you are testing.

Passive

Available on every tier. A passive scan never sends crafted attack input; it fetches the URL like a normal browser and checks shipped responses, client assets, BaaS exposure, DNS, and public security posture against 250+ vulnerability classes.

Because it is read-only, a passive scan can run against any URL, with no domain verification and no attestation. The trade-off is depth: passive misses everything that requires sending input to detect.

What passive detects

  • Missing security headers (HSTS, CSP, frame-options, etc.).
  • Insecure cookie attributes (missing Secure / HttpOnly / SameSite).
  • Weak TLS configuration, expired certs, missing HSTS preload.
  • Secrets in JS bundles (Supabase service keys, AWS keys, Stripe sk_, etc.).
  • Exposed source maps, debug endpoints, OpenAPI specs, GraphQL introspection.
  • Open Supabase RLS / Firebase rules / Clerk misconfiguration.
  • DNS (subdomain takeover, missing SPF/DKIM/DMARC).
  • Threat-intel listings (Spamhaus, URLhaus).
  • Outdated framework versions with known CVEs.
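
To make the read-only idea concrete, here is an added example (not FixVibe's own code) that applies the first two checks in the list to a response that has already been received, without sending any further input. The function names and the sample response are constructed for illustration.

```python
# Added illustration: read-only checks over an already-received HTTP response.
# This is not FixVibe's implementation; names and sample data are constructed.

REQUIRED_HEADERS = {
    "strict-transport-security": "HSTS",
    "content-security-policy": "CSP",
    "x-frame-options": "frame-options",
}

def parse_response_headers(raw):
    """Return (headers dict with lowercase names, list of Set-Cookie values)."""
    headers, cookies = {}, []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip().lower(), value.strip()
        if name == "set-cookie":
            cookies.append(value)  # Set-Cookie may legitimately repeat
        else:
            headers[name] = value
    return headers, cookies

def cookie_findings(set_cookie):
    """Flag a cookie that lacks Secure, HttpOnly or SameSite."""
    parts = [p.strip() for p in set_cookie.split(";")]
    cookie_name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return [f"cookie {cookie_name}: missing {a}"
            for a in ("Secure", "HttpOnly", "SameSite") if a.lower() not in attrs]

def passive_findings(raw):
    headers, cookies = parse_response_headers(raw)
    findings = [f"missing header: {label}"
                for name, label in REQUIRED_HEADERS.items() if name not in headers]
    # A CSP frame-ancestors directive supersedes X-Frame-Options.
    if "frame-ancestors" in headers.get("content-security-policy", ""):
        findings = [f for f in findings if "frame-options" not in f]
    for c in cookies:
        findings.extend(cookie_findings(c))
    return findings

# Constructed sample response (not captured from any real site).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: theme=dark; Secure; HttpOnly; SameSite=Lax
"""
```

Calling passive_findings(SAMPLE) reports the missing HSTS header and the session cookie's missing Secure and SameSite attributes, while the frame-options finding is suppressed because the CSP carries frame-ancestors.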

Active Hobby+

Active scans perform bounded verification against verified domains you have explicitly authorized. They are available on the Hobby plan and higher tiers (Pro, Unlimited) and are designed to confirm risky behavior without publishing the underlying probe recipes.

Why we gate it: the attestation flow

Active probes can in theory affect production: slow responses, error spikes, junk data in test stores. We require you to:

  1. Verify the domain via DNS TXT or HTTP file (Account → Domains).
  2. Confirm authorization: a one-time confirmation at scan start stating that you have permission. The server stamps your IP, user-agent, and timestamp; it is recorded in audit_logs.

For scheduled re-scans and API/MCP active starts, domain authorization is recorded from Dashboard → Domains and can be revoked at any time. Automated active scans use the authorized safety level for that domain.

GitHub repository Pro+

Repo scans skip deployed URL testing and review source through the FixVibe GitHub App or your OAuth connection. They report high-confidence code, dependency, and repository-security risks without storing your source code.

Repo scans do not write to your repo and never store source code; only finding evidence is stored. Quota: the same scansPerMonth bucket as URL scans.

Trigger via the API

curl
curl -X POST https://fixvibe.app/api/v1/scans \
  -H "Authorization: Bearer fxv_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://staging.example.com"}'

REST API and MCP can start passive scans, and can start active scans for verified domains that have been explicitly authorized in Dashboard → Domains. Full reference: /docs/api.

Anonymous one-shot scans

The home page lets unregistered visitors run one passive scan per browser session. These scans expire 24 hours after they are created, and they can be carried over to a real account if you sign up before they expire; the auth callback attaches the anonymous scan to the new org automatically.
