Which programming languages are supported?

The skill provides specific patterns for JavaScript (npm) and Python (pip-audit, Bandit), as well as language-agnostic tools like Semgrep and Gitleaks.

Can this skill be used in CI/CD pipelines?

Yes, it includes implementation patterns for GitHub Actions and other CI tools to automatically block builds based on configurable severity thresholds.

What is the Security Scanning skill?

It is a specialized capability for Claude Code that automates security audits for dependencies, source code, and secrets using industry-standard tools.

Does it include Static Analysis (SAST)?

Yes, the skill utilizes Semgrep and Bandit to perform Static Analysis Security Testing to find common code vulnerabilities and logical security flaws.

How does it handle hardcoded secrets?

It integrates with TruffleHog and Gitleaks to identify credentials in your codebase and provides configurations for pre-commit hooks to prevent them from being committed.

Security Scanning

Name: Security Scanning
Author: yonatangross

byyonatangross

•

Security & Testing

Automates vulnerability detection across codebases, dependencies, and secrets using industry-standard security tools.

About

The Security Scanning skill empowers Claude to perform comprehensive security audits by integrating powerful scanners like Semgrep, Bandit, and TruffleHog directly into the development workflow. It provides automated checks for vulnerable dependencies in JavaScript and Python, detects hardcoded secrets, performs static analysis (SAST) on source code, and scans container images. By establishing clear escalation thresholds and providing pre-commit hook configurations, it ensures a shift-left security posture that identifies risks early in the development lifecycle before they reach production.

Key Features

Secret detection and leak prevention with Gitleaks and TruffleHog
Pre-commit hook configuration for proactive security gating
Automated dependency auditing for npm and Python environments
Container image vulnerability scanning with Trivy integration
8 GitHub stars
Static Analysis Security Testing (SAST) using Semgrep and Bandit

Use Cases

Integrating automated security gates into CI/CD pipelines to block critical risks
Auditing third-party dependencies for vulnerabilities before every major deployment
Scanning repositories for hardcoded credentials or API keys before code reviews

About

Key Features

Secret detection and leak prevention with Gitleaks and TruffleHog
Pre-commit hook configuration for proactive security gating
Automated dependency auditing for npm and Python environments
Container image vulnerability scanning with Trivy integration
8 GitHub stars
Static Analysis Security Testing (SAST) using Semgrep and Bandit

Use Cases

Integrating automated security gates into CI/CD pipelines to block critical risks
Auditing third-party dependencies for vulnerabilities before every major deployment
Scanning repositories for hardcoded credentials or API keys before code reviews