Documentation

Everything you need to secure your vibe-coded projects

Guides

Security Badges

Show visitors your site is secure. Embed a dynamic badge in your README, website, or documentation that updates automatically with your latest security score.

Badge Types

"Scanned by BoringSec"

Available on all plans including Free. Shows that your site has been scanned.

Scanned byBoringSec

"Vibe Verified"

Pro+

Premium badge showing your Vibe Security Score. Updates dynamically. Builds trust with users.

Vibe VerifiedA+

Embedding Your Badge

Markdown (README, docs)

[![BoringSec](https://boringsec.com/api/badge/YOUR_DOMAIN)](https://boringsec.com/report/YOUR_TOKEN)

Replace YOUR_DOMAIN with your domain (e.g., myapp.vercel.app).

HTML (website)

<a href="https://boringsec.com/report/YOUR_TOKEN">
  <img src="https://boringsec.com/api/badge/YOUR_DOMAIN"
       alt="BoringSec Security Score" />
</a>

React / Next.js

<a href="https://boringsec.com/report/YOUR_TOKEN"
   target="_blank" rel="noopener noreferrer">
  <img src="https://boringsec.com/api/badge/YOUR_DOMAIN"
       alt="BoringSec" height="20" />
</a>

Badge API

The badge endpoint returns an SVG image that can be embedded anywhere.

GET /api/badge/myapp.vercel.app

Response: SVG image with score and grade.

Caching: Badge refreshes with your latest scan (may be cached up to 1 hour by CDN).

CORS: Badge endpoint allows cross-origin embedding from any domain.

No auth required: Badge URLs are public — anyone can embed them.

Badge Generator

Use the visual badge generator to preview your badge, customize it, and copy the embed code:

Open Badge Generator

Why Add a Security Badge?

Trust signal. Users see your site is actively monitored for security.

Accountability. A public score motivates you to maintain high security.

Marketing. Every badge is a link to BoringSec — but also to your security report.

Competitive edge. In a world of AI-generated apps, verified security stands out.