How does it handle Go toolchain and versioning?

It includes specialized logic to remove unnecessary toolchain directives and normalize go.mod files according to Submariner project standards.

What scanners does the cve-fix skill support?

The skill primarily uses Grype to identify vulnerabilities, supporting execution via Docker, Podman, or a local installation.

Does it support Submariner's stable release branches?

Yes, it features branch name normalization (e.g., 0.23 to release-0.23) and uses specific Shipyard build images tailored to the branch version.

What happens if no vulnerabilities are detected during a scan?

The skill will automatically delete the temporary fix branch it created and exit gracefully, informing you that the branch is clean.

Can I fix CVEs across multiple repositories simultaneously?

Yes, the skill accepts repository and branch arguments and can be invoked for multiple paths to process fixes sequentially.

Submariner CVE Fixer

Name: Submariner CVE Fixer
Author: submariner-io

bysubmariner-io

•

보안 및 테스팅

Automates the identification and remediation of security vulnerabilities in Go-based Submariner repositories across multiple branches.

The cve-fix skill streamlines the security maintenance lifecycle for Submariner Go projects by automating the end-to-end process of vulnerability management. It handles repository detection, clean build state preparation, and deep scanning using the Grype vulnerability scanner. Once vulnerabilities are identified, the skill automatically manages Git branching, updates go.mod dependencies, cleans up toolchain directives, and prepares commits. It is specifically designed to handle the complexities of Submariner's architecture, including multi-repo support, stable branch maintenance, and specific Go dependency patterns.

주요 기능

01Multi-repository and multi-branch support with intelligent branch normalization

02Isolated execution environments for clean, reliable security patches

0372 GitHub stars

04Automated CVE scanning using Grype and container runtimes (Docker/Podman)

05Automated Go dependency updates, mod tidying, and toolchain cleanup

06Sophisticated handling of stdlib vulnerabilities and replace directives

사용 사례

01Batch patching vulnerabilities across multiple stable release branches

02Automating regular security maintenance cycles for Submariner ecosystem components

03Standardizing security remediation workflows for distributed Kubernetes infrastructure

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add submariner-io/shipyard cve-fix

For use in Claude.ai and ChatGPT

Download Skill