Can I integrate this skill into my CI/CD pipeline?

Yes, the skill is designed for integration with GitHub Actions and other CI tools, allowing you to generate SARIF reports and block builds if critical vulnerabilities are detected.

Does it provide the actual code to fix the security issues?

Yes, every finding includes a detailed 'How' section that provides step-by-step fix instructions and specific code snippets to remediate the vulnerability.

How does it minimize false positives during secret detection?

It uses a multi-stage process involving regex pattern matching, entropy analysis to distinguish random strings from text, and context checking to ignore test keys or placeholder patterns.

Which package managers does the Security Scanner support?

The scanner supports a wide range of ecosystems including npm, yarn, pnpm (JavaScript/TypeScript), pip, poetry (Python), go (Golang), cargo (Rust), composer (PHP), and bundler (Ruby).

Security Scanner

Name: Security Scanner
Author: ialameh

byialameh

보안 및 테스팅

Performs comprehensive security audits, secret detection, and vulnerability scanning for modern codebases.

소개

The Security Scanner skill is a powerful audit tool designed to safeguard your codebase by identifying high-risk vulnerabilities before they reach production. It combines multi-layer detection strategies including secret scanning for over 50 providers, dependency vulnerability analysis across major package managers, and deep static analysis for OWASP Top 10 risks. By providing automated security scoring and detailed remediation guidance—including specific code fixes and verification steps—this skill enables developers to proactively manage security debt and integrate automated safety gates into their CI/CD workflows.

주요 기능

Automated 0-100 security scoring with weighted deductions and bonuses.
0 GitHub stars
Secret detection for 50+ providers including AWS, GCP, GitHub, and Stripe.
Deep static analysis covering OWASP Top 10 risks like injection and SSRF.
Actionable remediation guides with before-and-after code implementation examples.
Cross-language dependency scanning for npm, pip, go, cargo, and more.

사용 사례

Auditing third-party dependencies for known CVEs and identifying upgrade paths.
Preventing sensitive credential leaks through automated git pre-commit hooks.
Identifying and fixing SQL injection or XSS vulnerabilities in legacy codebases.

소개

주요 기능

Automated 0-100 security scoring with weighted deductions and bonuses.
0 GitHub stars
Secret detection for 50+ providers including AWS, GCP, GitHub, and Stripe.
Deep static analysis covering OWASP Top 10 risks like injection and SSRF.
Actionable remediation guides with before-and-after code implementation examples.
Cross-language dependency scanning for npm, pip, go, cargo, and more.

사용 사례

Auditing third-party dependencies for known CVEs and identifying upgrade paths.
Preventing sensitive credential leaks through automated git pre-commit hooks.
Identifying and fixing SQL injection or XSS vulnerabilities in legacy codebases.