
Vulnerability Scanning

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.


Install skill "vulnerability-scanning" with this command: npx skills add secondsky/claude-skills/secondsky-claude-skills-vulnerability-scanning

Vulnerability Scanning

Automate security vulnerability detection across code, dependencies, and containers.

Dependency Scanning

npm audit

npm audit --audit-level=high

Snyk

snyk test --severity-threshold=high

Safety (Python)

safety check --full-report

Container Scanning (Trivy)

Scan container image

trivy image myapp:latest --severity HIGH,CRITICAL

Scan filesystem

trivy fs --scanners vuln,secret .

GitHub Actions Integration

name: Security Scan

on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          severity: 'CRITICAL,HIGH'
          exit-code: '1'

      - name: Run Snyk
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --severity-threshold=high

      - name: npm audit
        run: npm audit --audit-level=high

Code Analysis (Bandit for Python)

bandit -r src/ -ll -ii

Node.js Scanner

const { execSync } = require('child_process');

// Run a scanner and parse its JSON output. npm audit exits non-zero when it
// finds vulnerabilities, which makes execSync throw; the report is still on
// the child's stdout, so read it from the error in that case.
function runJson(cmd) {
  try {
    return JSON.parse(execSync(cmd, { stdio: ['ignore', 'pipe', 'pipe'] }).toString());
  } catch (err) {
    if (err.stdout && err.stdout.length) return JSON.parse(err.stdout.toString());
    throw err;
  }
}

function runSecurityScan() {
  const results = {
    npm: runJson('npm audit --json'),
    trivy: runJson('trivy fs --format json .')
  };

  // Fail the build when npm audit reports any critical vulnerability.
  const critical = results.npm.metadata?.vulnerabilities?.critical || 0;
  if (critical > 0) {
    console.error(`Found ${critical} critical vulnerabilities`);
    process.exit(1);
  }
  return results;
}

Best Practices

  • Integrate scanning in CI/CD pipeline

  • Fail builds on high/critical findings

  • Scan dependencies and containers

  • Track vulnerabilities over time

  • Document accepted false positives
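An added example (not part of the skill's own code) showing how the Node.js scanner above and the "fail on high/critical" and "document accepted false positives" practices fit together: Trivy and npm audit JSON are normalised into one finding list, documented acceptances with an expiry date are subtracted, and the remainder is judged against a severity threshold. The report field names follow Trivy's and npm audit's JSON layouts; the helper names, the sample reports and the placeholder IDs are constructed for this example.

```javascript
// Rank severities so a threshold such as HIGH means "HIGH or worse".
const SEVERITY_RANK = { LOW: 1, MODERATE: 2, MEDIUM: 2, HIGH: 3, CRITICAL: 4 };

// Trivy JSON: {Results:[{Target, Vulnerabilities:[{VulnerabilityID, PkgName, Severity}]}]}
function fromTrivy(report) {
  return (report.Results || []).flatMap(r =>
    (r.Vulnerabilities || []).map(v => ({
      id: v.VulnerabilityID, pkg: v.PkgName,
      severity: v.Severity.toUpperCase(), source: `trivy:${r.Target}`,
    })));
}

// npm audit v2 JSON: {vulnerabilities:{<pkg>:{name, severity, via:[{source,url}|"pkg"]}}}
// String entries in `via` are transitive references; only objects are advisories.
function fromNpmAudit(report) {
  return Object.values(report.vulnerabilities || {}).flatMap(v =>
    (v.via || []).filter(x => x && typeof x === 'object').map(adv => ({
      id: adv.url || `npm-advisory-${adv.source}`, pkg: v.name,
      severity: v.severity.toUpperCase(), source: 'npm-audit',
    })));
}

// accepted: [{id, reason, expires}] -- a documented false positive suppresses a
// finding only until its expiry, so acceptances are re-reviewed, not forgotten.
function evaluate(findings, { threshold = 'HIGH', accepted = [], now = new Date() } = {}) {
  const min = SEVERITY_RANK[threshold];
  const active = new Set(accepted.filter(a => new Date(a.expires) > now).map(a => a.id));
  const blocking = findings.filter(f =>
    (SEVERITY_RANK[f.severity] || 0) >= min && !active.has(f.id));
  const suppressed = findings.filter(f => active.has(f.id));
  return { pass: blocking.length === 0, blocking, suppressed };
}

// Constructed sample reports; the IDs are placeholders, not real advisories.
const sampleTrivy = { Results: [{ Target: 'package-lock.json', Vulnerabilities: [
  { VulnerabilityID: 'CVE-EXAMPLE-0001', PkgName: 'left-util', Severity: 'CRITICAL' },
  { VulnerabilityID: 'CVE-EXAMPLE-0002', PkgName: 'tiny-yaml', Severity: 'MEDIUM' } ] }] };
const sampleNpm = { vulnerabilities: { 'left-util': { name: 'left-util', severity: 'high',
  via: ['some-dep', { source: 1001, url: 'https://example.invalid/GHSA-EXAMPLE-0001' }] } } };
const accepted = [{ id: 'CVE-EXAMPLE-0001', reason: 'code path unreachable; reviewed', expires: '2099-01-01' }];

const verdict = evaluate([...fromTrivy(sampleTrivy), ...fromNpmAudit(sampleNpm)], { accepted });
console.log(verdict.pass ? 'scan passed' : `blocking findings: ${verdict.blocking.map(f => f.id).join(', ')}`);
```

In a pipeline the two sample objects would be replaced by the parsed output of `trivy fs --format json .` and `npm audit --json`, and a `pass` of false would map to a non-zero exit code.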

Tools

  • Trivy (containers, filesystem)

  • Snyk (dependencies, code)

  • npm audit / yarn audit

  • Bandit (Python)

  • OWASP Dependency-Check

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
