🚀 Quick Installation

Install via Claude Plugin Marketplace:

# Add the marketplace
/plugin marketplace add https://github.com/secondsky/claude-skills

# Install the skill
/plugin install vulnerability-scanning@claude-skills

Vulnerability Scanning

Automate security vulnerability detection across code, dependencies, and containers.

Dependency Scanning

# npm audit: exits non-zero only for findings at or above the given level (high, critical)
npm audit --audit-level=high

# Snyk (needs SNYK_TOKEN in the environment or a prior `snyk auth`)
snyk test --severity-threshold=high

# Safety (Python). Safety 3.x deprecates `check` in favour of `safety scan`; the
# legacy form below still runs but prints a deprecation notice.
safety check --full-report

Container Scanning (Trivy)

# Scan container image
trivy image myapp:latest --severity HIGH,CRITICAL

# Scan filesystem
trivy fs --scanners vuln,secret .

GitHub Actions Integration

name: Security Scan

on: [push, pull_request]

# Least privilege: the scan job only needs to read the repository.
permissions:
  contents: read

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Pin third-party actions to a release tag (or, better, a full commit SHA)
      # rather than a moving branch such as @master, so an upstream compromise
      # cannot silently change what runs in the pipeline.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: 'fs'
          scanners: 'vuln,secret'
          severity: 'CRITICAL,HIGH'
          exit-code: '1'   # fail the job when anything at these severities is found

      - name: Run Snyk
        uses: snyk/actions/node@0.4.0
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}   # repository/org secret, never a literal in the workflow
        with:
          args: --severity-threshold=high

Best Practices

  • Integrate scanning in the CI/CD pipeline so every push and pull request is scanned
  • Fail builds on high/critical findings (Trivy --exit-code 1, npm audit --audit-level, Snyk --severity-threshold)
  • Scan both application dependencies and container images; the base image carries most OS-package findings
  • Track vulnerabilities over time: keep each build's report and diff it against the previous one to see what is new, fixed, or persisting
  • Document accepted risks and false positives with a reason, an owner and an expiry date, and re-review them when the exception expires
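The Trivy commands above produce a report, but the build gate, the exception list and the build-to-build comparison from the practices list are left to the pipeline. The following script is an added example of that glue (it is not part of the claude-skills plugin or of Trivy): it flattens a Trivy JSON (schema v2) report, ignores only those allowlisted findings whose exception has not expired, fails when anything at or above the threshold remains, and diffs the report against the previous build. The two reports, the allowlist, the example date and the CVE-9999-* identifiers are constructed sample data, not real advisories.

```python
"""Added example (not part of the claude-skills plugin or of Trivy): gate a
Trivy JSON report on severity, honour a documented allowlist with expiry
dates, and diff against the previous build to track drift over time.
All reports, dates and CVE-9999-* identifiers below are constructed samples."""
import json
from datetime import date

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
EXAMPLE_TODAY = date(2025, 1, 15)  # fixed "today" so the sample run is reproducible


def _v(vid, pkg, installed, fixed, severity):
    """Build one Trivy-shaped vulnerability record for the constructed reports."""
    return {"VulnerabilityID": vid, "PkgName": pkg, "InstalledVersion": installed,
            "FixedVersion": fixed, "Severity": severity}


# Constructed Trivy output for the previous build of myapp:latest.
PREVIOUS_REPORT = json.dumps({"SchemaVersion": 2, "ArtifactName": "myapp:latest", "Results": [
    {"Target": "myapp:latest (alpine 3.18.4)", "Class": "os-pkgs", "Type": "alpine",
     "Vulnerabilities": [_v("CVE-9999-0001", "openssl", "3.1.3-r0", "3.1.4-r0", "HIGH"),
                         _v("CVE-9999-0003", "zlib", "1.2.13-r1", "", "LOW"),
                         _v("CVE-9999-0005", "curl", "8.4.0-r0", "8.5.0-r0", "MEDIUM")]}]})

# Constructed output for the current build: curl was upgraded, a busybox CRITICAL
# appeared, a lockfile finding shows up in a second target, and a secret-scan
# result is present with no Vulnerabilities key at all.
CURRENT_REPORT = json.dumps({"SchemaVersion": 2, "ArtifactName": "myapp:latest", "Results": [
    {"Target": "myapp:latest (alpine 3.18.4)", "Class": "os-pkgs", "Type": "alpine",
     "Vulnerabilities": [_v("CVE-9999-0001", "openssl", "3.1.3-r0", "3.1.4-r0", "HIGH"),
                         _v("CVE-9999-0002", "busybox", "1.36.1-r2", "", "CRITICAL"),
                         _v("CVE-9999-0003", "zlib", "1.2.13-r1", "", "LOW")]},
    {"Target": "app/package-lock.json", "Class": "lang-pkgs", "Type": "npm",
     "Vulnerabilities": [_v("CVE-9999-0004", "lodash", "4.17.20", "4.17.21", "HIGH")]},
    {"Target": "app/.env", "Class": "secret", "Secrets": []}]})

# Constructed allowlist: every accepted finding carries a reason, an owner and an
# expiry, so a documented false positive cannot quietly become permanent.
ALLOWLIST = [
    {"id": "CVE-9999-0001", "owner": "platform", "expires": "2099-01-01",
     "reason": "vulnerable code path not reachable; TLS terminated by sidecar"},
    {"id": "CVE-9999-0002", "owner": "platform", "expires": "2024-06-30",
     "reason": "expired exception; must be renewed or fixed"},
]


def flatten(report):
    """Flatten a Trivy report into one dict per (target, vulnerability)."""
    out = []
    for result in report.get("Results", []):
        # Secret and misconfiguration results have no "Vulnerabilities" key (or null).
        for v in result.get("Vulnerabilities") or []:
            out.append({"target": result.get("Target", ""), "id": v["VulnerabilityID"],
                        "pkg": v.get("PkgName", ""), "installed": v.get("InstalledVersion", ""),
                        "fixed": v.get("FixedVersion", ""),
                        "severity": v.get("Severity", "UNKNOWN").upper()})
    return out


def load(report_json):
    """Parse a Trivy JSON report string into flattened findings."""
    return flatten(json.loads(report_json))


def active_allowlist(entries, today):
    """Keep only exceptions whose expiry date has not yet passed."""
    return {e["id"]: e for e in entries if date.fromisoformat(e["expires"]) >= today}


def blocking_findings(findings, threshold, allowlist):
    """Findings at or above `threshold` that no active exception covers."""
    floor = SEVERITY_RANK[threshold]
    return [f for f in findings
            if SEVERITY_RANK.get(f["severity"], 0) >= floor and f["id"] not in allowlist]


def diff_reports(previous, current):
    """Classify findings as new, fixed or persisting between two builds."""
    key = lambda f: (f["id"], f["pkg"], f["target"])
    prev, cur = {key(f) for f in previous}, {key(f) for f in current}
    return {"new": sorted(cur - prev), "fixed": sorted(prev - cur), "persisting": sorted(cur & prev)}


def evaluate(previous_json, current_json, allowlist_entries, threshold="HIGH", today=None):
    """Gate decision plus drift summary for one CI run; exit_code 1 means fail the build."""
    today = today or date.today()
    previous, current = load(previous_json), load(current_json)
    blocking = blocking_findings(current, threshold, active_allowlist(allowlist_entries, today))
    return {"blocking": blocking, "drift": diff_reports(previous, current),
            "exit_code": 1 if blocking else 0}


if __name__ == "__main__":
    result = evaluate(PREVIOUS_REPORT, CURRENT_REPORT, ALLOWLIST, today=EXAMPLE_TODAY)
    for f in result["blocking"]:
        print(f"BLOCK {f['severity']:<8} {f['id']} {f['pkg']} {f['installed']} -> "
              f"{f['fixed'] or 'no fix available'} ({f['target']})")
    for kind, items in result["drift"].items():
        print(f"{kind}: {len(items)}")
    raise SystemExit(result["exit_code"])
```

In a real pipeline the two inputs come from `trivy image --format json --output report.json myapp:latest` on this and the previous build. Trivy can also apply exceptions natively from a `.trivyignore` file (one ID per line) or a `.trivyignore.yaml` with expiry dates, which is preferable when the report is consumed only by Trivy itself; the script above is for the case where the same exception list and the drift summary need to feed other tooling.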