Can it detect security vulnerabilities in dependencies?

Yes, it utilizes the OWASP dependency-check tool to identify known CVEs in your project's libraries.

Does this skill support both Maven and Gradle?

Yes, the skill includes specialized command sets and workflows for both Maven and Gradle build systems.

How does it help with pull request preparation?

It provides a standardized 'Verification Report' template that summarizes build status, test coverage, and security results, making it easy to document your work.

What static analysis tools are included in the loop?

The verification loop integrates with SpotBugs, PMD, and Checkstyle to provide a comprehensive analysis of code quality and potential bugs.

Spring Boot Verification Loop

Name: Spring Boot Verification Loop
Author: unju-ai

byunju-ai

0•

Security & Testing

Standardizes the verification process for Spring Boot applications by automating builds, security scans, and code quality checks.

This skill provides a comprehensive verification workflow for Spring Boot projects using Maven or Gradle. It guides Claude through a structured six-phase process including automated builds, multi-tool static analysis (SpotBugs, PMD, Checkstyle), unit testing with JaCoCo coverage reporting, OWASP dependency checks, and a final diff review checklist. It is designed to ensure high code quality, security compliance, and architectural integrity before pull requests or production deployments, treating warnings as defects to maintain production-grade standards.

Key Features

01Integrated static analysis with SpotBugs, PMD, and Checkstyle

02Security scanning for CVEs and leaked secrets using OWASP and git-secrets

030 GitHub stars

04Multi-phase verification loop covering build, test, scan, and review

05Automated JaCoCo test coverage reporting and validation

06Standardized output template for consistent PR and release reports

Use Cases

01Performing regular code health audits and dependency vulnerability assessments

02Pre-release validation to ensure code meets production quality and security standards

03Automating local CI/CD style checks before pushing code to a remote repository

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add unju-ai/ecc springboot-verification

For use in Claude.ai and ChatGPT

Key Features

01Integrated static analysis with SpotBugs, PMD, and Checkstyle

02Security scanning for CVEs and leaked secrets using OWASP and git-secrets

030 GitHub stars

04Multi-phase verification loop covering build, test, scan, and review

05Automated JaCoCo test coverage reporting and validation

06Standardized output template for consistent PR and release reports

Use Cases

01Performing regular code health audits and dependency vulnerability assessments

02Pre-release validation to ensure code meets production quality and security standards

03Automating local CI/CD style checks before pushing code to a remote repository

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add unju-ai/ecc springboot-verification

For use in Claude.ai and ChatGPT