Can I ignore specific security findings?

Yes, you can use inline comments like '# security-scan: ignore' or create a '.security-scan-ignore' file for bulk exclusions.

Which file types does this scanner support?

The scanner supports Docker Compose (yml/yaml), Kubernetes manifests (yaml), and Terraform files (.tf, .tfvars).

Does it provide specific code to fix the issues?

Yes, every finding includes a detailed 'Fix' section with the exact code snippet needed to remediate the vulnerability.

How does it help with security compliance?

The scanner maps its detection rules to industry standards including CIS Docker Benchmark, CIS Kubernetes Benchmark, and OWASP categories.

Can this be integrated into my deployment pipeline?

Absolutely. It can be configured as a pre-write hook in Claude or as a standard step in GitHub Actions and other CI/CD tools.

Infrastructure Security Scanner

Name: Infrastructure Security Scanner
Author: cassao29

bycassao29

보안 및 테스팅

Scans infrastructure configuration files for security vulnerabilities and misconfigurations in Docker, Kubernetes, and Terraform.

소개

This skill provides automated security auditing for modern infrastructure-as-code and container orchestration files. By analyzing Docker Compose, Kubernetes manifests, and Terraform scripts, it identifies critical risks such as public port bindings, privileged containers, and unencrypted storage. It goes beyond simple detection by providing detailed remediation guidance, risk explanations, and compliance mapping to CIS benchmarks and OWASP standards, ensuring your cloud infrastructure remains secure and compliant throughout the development lifecycle.

주요 기능

Pre-write hooks and CI/CD integration for automated security gates
0 GitHub stars
Severity-based reporting with Critical, Medium, and Low risk classifications
Compliance mapping to CIS Benchmarks and OWASP security standards
Detailed remediation guidance with specific code fixes for every finding
Multi-platform scanning for Docker Compose, Kubernetes, and Terraform files

사용 사례

Enforcing infrastructure-as-code (IaC) best practices across a development team
Auditing local configuration files before committing code to a repository
Automating security checks within a CI/CD pipeline to block vulnerable deployments

소개

주요 기능

Pre-write hooks and CI/CD integration for automated security gates
0 GitHub stars
Severity-based reporting with Critical, Medium, and Low risk classifications
Compliance mapping to CIS Benchmarks and OWASP security standards
Detailed remediation guidance with specific code fixes for every finding
Multi-platform scanning for Docker Compose, Kubernetes, and Terraform files

사용 사례

Enforcing infrastructure-as-code (IaC) best practices across a development team
Auditing local configuration files before committing code to a repository
Automating security checks within a CI/CD pipeline to block vulnerable deployments