ulsc / governor

Public

Extensible CLI for security-auditing AI-generated applications. Let's make vibe coding safe.

6 stars
100% credibility
Found Feb 17, 2026 at 5 stars.
AI Analysis
Go
AI Summary

Governor is a command-line tool that performs repeatable security audits on AI-generated code using built-in and customizable checks powered by AI and rules.

How It Works

1. 🔍 Discover Governor
   Hear about a friendly tool that checks AI-made apps for security worries.

2. 📥 Install with one command
   Copy-paste a simple line to add it to your computer, ready in seconds.

3. ⚙️ Set up your project space
   Run a quick setup to create a spot for your security rules and reports.

4. 🛡️ Audit your code folder
   Point it at your app's files or zip and watch it spot potential dangers.

5. ✏️ Create custom rules
   Make checks that fit your team's unique security needs using templates.

6. 🔄 Add to your daily flow
   Hook it into code reviews or builds for automatic checks every time.

Build safer apps

Get clear reports on issues, fix them early, and code with confidence.

AI-Generated Review

What is governor?

Governor is a Go CLI for security auditing AI-generated apps, making "vibe coding" safer by scanning folders or zips for vulnerabilities. It runs built-in checks plus extensible custom ones—AI-powered or rule-based—outputting markdown, JSON, HTML reports, and SARIF for GitHub Code Scanning. Commands like `governor audit path`, `checks init --template authz`, and `scan file.go --quick` deliver repeatable audits with TUI progress and diff comparisons.

Why is it gaining traction?

Tailored to the influx of AI-generated code, it extracts checks from your docs via `checks extract policy.md`, supports isolated container runs, and offers instant rule-only scans without network calls. GitHub Actions integration, pre-commit hooks, and multi-provider AI profiles (Codex, OpenAI, Claude) set it apart from generic tools. Developers are drawn to the extensible CLI workflow and its custom policy enforcement.

Who should use this?

Security auditors processing AI-generated zips from vendors, backend teams gating merges with `hooks install`, or platform engineers enforcing org checks across repos. It suits developers building extensible CLI pipelines who want policy-driven scans without the boilerplate.

Verdict

Worth trying for AI code audits—excellent docs, install script, and full test suite despite 10 stars and 1.0% credibility score. Its early maturity means you should validate outputs yourself, but its extensible CLI hooks make it a smart bet for growing teams.
