A comprehensive, actionable security checklist designed specifically for apps rapidly created ("vibe-coded") with AI tools.

finehq/vibe-coding-checklist

vibe-coding-checklist

A comprehensive, actionable security checklist designed specifically for apps rapidly created ("vibe-coded") with AI tools.

🔗 Visit: https://www.vibecodingchecklist.com/

🚀 Why?

With recent advancements in AI, anyone can turn ideas into functional apps with just a few prompts. This rapid development can lead to apps missing essential security practices. This checklist helps ensure your vibe-coded apps stay secure and reliable.

πŸ“ Checklist Structure

The checklist is organized into clear security categories:

  1. Authentication & Authorization
  2. Input Validation & Data Sanitization
  3. Data Protection & Privacy
  4. API Security
  5. Infrastructure & Deployment Security
  6. Frontend Security
  7. Dependency & Supply Chain Security
  8. Security Testing & Verification
  9. Compliance & Documentation
  10. Manage Your Secrets
  11. AI-Specific Security Considerations

📂 Checklist File Format

The checklist is stored in a structured, easily readable and editable format in:

  • checklist.json: JSON format for easy integration into applications, tools, and automated workflows.

🛠 Contributing

Contributions are highly encouraged! Security evolves rapidly, and your expertise helps keep this checklist relevant.

How to contribute:

  1. Fork this repository
  2. Create your branch: git checkout -b feature/my-security-check
  3. Make your changes: Update checklist.json or suggest edits/improvements.
  4. Commit your changes: git commit -am 'Add some feature'
  5. Push to your branch: git push origin feature/my-security-check
  6. Open a Pull Request with a clear title and description of your changes.

Types of Contributions:

  • Add new checklist items
  • Refine or simplify existing items
  • Clarify descriptions or language
  • Report and fix typos or issues
  • Suggest new security categories

🙌 Acknowledgements

Thanks to the community and early contributors for helping make this checklist robust and actionable!

📜 License

This project is open-source and available under the MIT License.
