Does it support multiple programming languages?

Yes, it automatically detects project languages including JavaScript, TypeScript, Python, Rust, and Go to apply the most relevant security configurations and tools.

What security tools does this skill configure?

It supports a wide range of industry-standard tools including Trivy, Gitleaks, CodeQL, Dependabot, TruffleHog, and language-specific auditors like pip-audit or npm audit.

Can I run a security check without applying changes?

Yes, using the --check-only flag allows you to generate a comprehensive compliance report and identify gaps without modifying any project files.

How does it handle secret detection?

It configures Gitleaks with project-specific allowlists and can set up pre-commit hooks to prevent secrets from being committed to version control in the first place.

Security Configuration & Auditing

Name: Security Configuration & Auditing
Author: laurigates

bylaurigates

•

Security & Testing

Configures and automates security scanning tools for dependencies, static analysis, and secret detection.

This skill automates the setup of a robust security posture for development projects by integrating dependency auditing, Static Application Security Testing (SAST), and secret leak prevention. It identifies missing security configurations, suggests fixes, and generates comprehensive compliance reports across multiple languages including JavaScript, Python, and Rust. Whether you need to set up GitHub Actions for CodeQL, configure Gitleaks for secret detection, or establish a standardized SECURITY.md policy, this tool streamlines the process to ensure projects adhere to modern DevSecOps standards.

Key Features

0110 GitHub stars

02SAST setup using CodeQL and language-specific tools like Bandit

03Standardized SECURITY.md policy and compliance report generation

04Seamless CI/CD integration for automated security workflows

05Automated dependency vulnerability auditing for npm, pip, and cargo

06Proactive secret detection configuration with Gitleaks and TruffleHog

Use Cases

01Automating secret scanning to prevent accidental credential leaks

02Establishing a security baseline for new or existing repositories

03Configuring Dependabot and SAST scanning for continuous vulnerability monitoring

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add laurigates/claude-plugins configure-security

For use in Claude.ai and ChatGPT

Download Skill