Will It Vibe logoWill It Vibe?
PRIVACY-015Low severity-4 points

SQL seed data inserts sensitive PII columns (heuristic)

Part of Documentation, UX & Accessibility, which counts for 15% of the overall score. When this check fires it deducts 4 points from that category, once per scan, no matter how many places it turns up.

What it detects

A committed SQL script INSERTs into a column named like ssn/credit_card/date_of_birth/password. Seed/migration scripts are often copied from a real export, which is how genuine data ends up committed by accident.

Why it matters

A SQL script that inserts values into columns like ssn, credit_card, or date_of_birth and is committed to the repository puts that data into version-control history permanently, visible to anyone with repo access even after the file is later edited or removed. Seed and migration scripts are often copied from a real database export during setup, which is how genuine customer data ends up committed by accident. This check only looks at column names in the INSERT statement, so it is a heuristic: it flags the shape of the statement, not confirmed proof the values are real.

How to fix it

Replace any real-looking values in these columns with generated fake data (a library like Faker can produce realistic-but-fake names, SSNs, and card numbers), and confirm the original source of this seed file was not a raw export of production data. Keep sensitive-looking seed data out of version control going forward by generating it at setup time instead of committing static values.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Documentation, UX & Accessibility checks