Can I integrate this into my CI/CD pipeline?

Yes, it provides structured scripts and GitHub Actions YAML templates to automate security validation during every push or pull request.

How does it handle AI-specific security?

It features specialized audits for AI architectures, including ReDoS detection in heuristic patterns and integrity checks for semantic models.

Does this skill support secret detection?

Yes, it integrates with tools like TruffleHog to scan your filesystem and git history for leaked secrets, credentials, and private keys.

Can I use this for OWASP compliance?

Absolutely. It includes specific checks and grep patterns for the OWASP Top 10, covering Broken Access Control, Injection, and Cryptographic Failures.

Is it compatible with Docker-based architectures?

Yes, the skill includes commands for scanning Docker images and verifying network isolation and container security within 11-service environments.

Security Audit Scanner

Name: Security Audit Scanner
Author: tbartel74

bytbartel74

•

セキュリティとテスト

Automates comprehensive security audits, vulnerability scanning, and secret detection for complex multi-service architectures.

概要

The Security Audit Scanner is a specialized skill for Claude Code designed to maintain high security standards in complex software architectures like Vigil Guard v2.0.0. It automates critical security tasks including OWASP Top 10 compliance checks, TruffleHog secret detection, and dependency vulnerability scanning for npm and pip. Specifically optimized for 3-branch service architectures, it validates internal service isolation, checks for ReDoS in regex patterns, and monitors for model poisoning or prompt injection risks, making it an essential tool for developers building secure AI-powered systems with robust CI/CD security pipelines.

主な機能

Automated OWASP Top 10 compliance scanning and validation scripts
Deep secret detection using TruffleHog integration for codebases and git history
Multi-service vulnerability scanning for npm, pip, and Docker containers
Advanced 3-branch architecture security for heuristics, semantic, and LLM services
Ready-to-use CI/CD integration patterns for GitHub Actions
6 GitHub stars

ユースケース

Conducting full security audits on complex multi-service applications before production deployment
Identifying and remediating hardcoded secrets, credentials, or keys in the source code
Validating the security isolation and access control of internal API endpoints and AI model services

概要

主な機能

Automated OWASP Top 10 compliance scanning and validation scripts
Deep secret detection using TruffleHog integration for codebases and git history
Multi-service vulnerability scanning for npm, pip, and Docker containers
Advanced 3-branch architecture security for heuristics, semantic, and LLM services
Ready-to-use CI/CD integration patterns for GitHub Actions
6 GitHub stars

ユースケース

Conducting full security audits on complex multi-service applications before production deployment
Identifying and remediating hardcoded secrets, credentials, or keys in the source code
Validating the security isolation and access control of internal API endpoints and AI model services