Which programming languages does the CVE Audit skill support?

The skill currently supports Node.js (npm), Python (pip), Ruby (Bundler), Go (Go Modules), and Java (Maven) by parsing their respective manifest files.

Can I use this skill in my CI/CD pipeline?

Yes, it is designed for automation with specific exit codes (1 if vulnerabilities are found) and a --json flag for structured data processing.

Where does the vulnerability data come from?

The skill queries the OpenCVE database and references the official CVE database and CVSS scoring guides for accuracy.

How often is the CVE data updated?

Results are cached for 24 hours to improve performance, but you can use the --no-cache flag to bypass the cache and fetch the most recent data.

Does it check transitive dependencies?

No, this skill currently focuses on scanning direct dependencies listed in your source manifest files like package.json or requirements.txt.

CVE Dependency Audit

Name: CVE Dependency Audit
Author: Mearman

byMearman

•

Seguridad y Pruebas

Scans project dependencies across multiple programming languages to identify and report known security vulnerabilities and CVEs.

Acerca de

CVE Dependency Audit is a comprehensive security tool for Claude Code that automatically detects and analyzes dependency manifest files—including package.json, requirements.txt, and go.mod—to identify known Common Vulnerabilities and Exposures (CVEs). It provides developers with actionable security intelligence, including CVSS scores and severity levels, allowing for proactive vulnerability management within the development environment. Whether performing a routine health check or a pre-deployment security review, this skill streamlines the process of ensuring software supply chain security across Node.js, Python, Ruby, Go, and Java ecosystems.

Características Principales

Multi-language support for Node.js, Python, Ruby, Go, and Maven
Machine-readable JSON output for CI/CD integration and compliance
2 GitHub stars
Detailed vulnerability reporting with CVSS scores and severity levels
Automatic detection and parsing of dependency manifest files
Configurable filtering by severity from Critical to Low

Casos de Uso

Conducting pre-deployment security audits to prevent shipping vulnerabilities to production
Performing regular dependency health checks to identify newly discovered CVEs in existing projects
Generating automated compliance reports for security reviews and organizational audits

Acerca de

Características Principales

Multi-language support for Node.js, Python, Ruby, Go, and Maven
Machine-readable JSON output for CI/CD integration and compliance
2 GitHub stars
Detailed vulnerability reporting with CVSS scores and severity levels
Automatic detection and parsing of dependency manifest files
Configurable filtering by severity from Critical to Low

Casos de Uso

Conducting pre-deployment security audits to prevent shipping vulnerabilities to production
Performing regular dependency health checks to identify newly discovered CVEs in existing projects
Generating automated compliance reports for security reviews and organizational audits