Vyper Guard Platform

Contract security that feels operational.

Trusted Vyper security signals from local development to production gates — fast to run, easy to review, and strict where it matters.

Detectors

12 active checks

Highest risk

2 critical findings

Posture

Review required

Live workflow preview

vault-audit

$ vyper-guard analyze contracts/Vault.vy
# detectors loaded: 12
# critical: 2
# high: 7
# score: 74 / 100
# recommendation: Review required
$ vyper-guard fix contracts/Vault.vy --fix-dry-run --max-auto-fix-tier B
# proposed edits: 3
# write operations: 0

Detector coverage snapshot

current dataset

Critical: 2
High: 7
Medium: 1
Low: 2

Total

12 findings

Gate

Manual review

Workflow timeline

From scan to release gate

Phase 01

Source Risk Profiling

Contract source is profiled with deterministic detector and semantic passes.

Phase 02

Signal Prioritization

Findings are ranked by severity and grouped into reviewer-ready triage lanes.

Phase 03

Remediation Planning

Fix plans are generated under tier constraints with dry-run-safe controls.

Phase 04

CI Policy Enforcement

Outputs are exported for severity gate checks and release-readiness decisions.

Command Studio

Understand the workflow in under a minute.

Choose a command path and preview realistic output. This gives non-developers a clear view of what the CLI does without opening a terminal.

Selected path

Baseline scan

command-preview

$ Analyzing Vault.vy
$ 12 detectors loaded
$ critical: 2
$ high: 3
$ score: 74 / 100
$ recommendation: Review required

CLI-first

Predictable command outputs for local and CI pipelines.

Safe by default

Dry-run paths help teams control remediation risk.

Audit ready

Exportable reports keep review trails transparent.

Need full reference?

Open docs and follow the install-to-ci command journey.

Documentation Surface

How teams actually use Vyper Guard

Practical usage patterns from first local scan to CI gating, fix reviews, and post-deploy checks.

01

why

Why teams keep Vyper Guard in CI

Teams adopt Vyper Guard because it behaves the same in local runs and in CI. That consistency cuts review noise, shortens triage, and makes release decisions easier to defend.

  • Deterministic output keeps triage stable
  • Severity policy stays consistent from PR to release
  • Fix planning remains reviewer-led
  • Address analysis supports post-deploy verification

02

analysis

How a scan executes

Each scan follows one clear pipeline: input checks, detector execution, semantic validation, and score synthesis. You can compare results between commits without guessing what changed.

  • Input guardrails reject empty or comment-only files
  • Pattern + semantic checks reduce false positives
  • Severity penalties map cleanly to deployment risk
  • CLI, JSON, and Markdown outputs remain consistent

03

fix

Remediation controls

Remediation is intentionally conservative. Start with preview mode, set an automation tier, and keep fix plans as review artifacts before applying changes.

  • `--fix-dry-run` previews changes with zero writes
  • `--max-auto-fix-tier` limits automation scope
  • JSON fix plans plug into approval workflows

04

ops

Operational rollout

Roll out in phases: local developer checks first, PR gates next, then release policy enforcement. The same command set works across all stages.

  • Use severity thresholds to fail unsafe builds
  • Run address scans against deployed contracts
  • Generate stats/graphs for audit reporting

Security analytics model

Detector severity mix

Penalty and cap policy per severity tier

Detector category spread