What tools does SCA Runner use for scanning?

SCA Runner wraps npm audit for Node.js projects and Trivy for comprehensive multi-language support including Python, Go, and Rust.

What do the exit codes indicate?

An exit code of 0 means no vulnerabilities were found, 1 indicates vulnerabilities were detected, and 2 indicates a tool error or missing dependency.

How are vulnerability severities categorized?

The tool categorizes findings into Critical, High, Medium, and Low levels based on standard CVSS scores and provides details on the fixed version if available.

Can I scan a specific lockfile?

Yes, you can specify a direct path to a package file, such as ./package-lock.json, when running the scanner command.

Does it support languages other than JavaScript?

Yes, through the Trivy scanner, it supports Node.js, Python, Go, Ruby, Rust, Java, and .NET.

SCA Runner

Name: SCA Runner
Author: naporin0624

bynaporin0624

•

보안 및 테스팅

Runs Software Composition Analysis (SCA) to identify and mitigate vulnerabilities in project dependencies across multiple languages.

SCA Runner is a specialized security skill designed to audit project dependencies for known vulnerabilities. By integrating industry-standard tools like npm audit and Trivy, it provides deep visibility into your software supply chain, identifying critical CVEs, prototype pollution, and other security risks. This skill is essential for developers maintaining high security standards, allowing for automated vulnerability checks and clear remediation paths within the Claude environment, supporting a wide range of ecosystems including Node.js, Python, Go, and Rust.

주요 기능

01Multi-scanner support using npm audit and Trivy

02Standardized JSON output for automated security reporting

03Summary reports categorizing findings by severity levels from Low to Critical

04Support for multiple languages including Node.js, Python, Go, Ruby, and Rust

05Automatic detection of vulnerable packages and recommended fixed versions

062 GitHub stars

사용 사례

01Identifying and updating dependencies affected by prototype pollution or DoS vulnerabilities

02Auditing a repository for known CVEs before a production deployment

03Standardizing security scanning workflows across polyglot codebases

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add naporin0624/claude-web-audit-plugins sca-runner

For use in Claude.ai and ChatGPT

주요 기능

01Multi-scanner support using npm audit and Trivy

02Standardized JSON output for automated security reporting

03Summary reports categorizing findings by severity levels from Low to Critical

04Support for multiple languages including Node.js, Python, Go, Ruby, and Rust

05Automatic detection of vulnerable packages and recommended fixed versions

062 GitHub stars

사용 사례

01Identifying and updating dependencies affected by prototype pollution or DoS vulnerabilities

02Auditing a repository for known CVEs before a production deployment

03Standardizing security scanning workflows across polyglot codebases

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add naporin0624/claude-web-audit-plugins sca-runner

For use in Claude.ai and ChatGPT