Does this skill support automated remediation?

Yes, by using the --fix flag, the skill can move from analysis to remediation, proposing and applying code changes to resolve detected vulnerabilities.

What is the AppSec Integrity skill?

It is a specialized Claude Code capability designed to identify and fix security vulnerabilities related to software and data integrity, such as insecure deserialization and supply chain risks.

Do I need to install external scanners like Semgrep?

While the skill can perform analysis using Claude's internal logic and Grep patterns, it will automatically integrate with tools like Trivy, Semgrep, and Bandit if they are available on your system for higher precision.

Can it scan my GitHub Actions or Jenkins files?

Yes, the skill is designed to audit CI/CD configuration files for various platforms to detect pipeline injection risks and insecure build settings.

Which security standards does this skill follow?

It is mapped specifically to the OWASP Top 10 2021 A08 (Software and Data Integrity Failures) and includes mappings for STRIDE and various CWEs.

AppSec Integrity & Supply Chain Security

Name: AppSec Integrity & Supply Chain Security
Author: florianbuetow

byflorianbuetow

•

安全与测试

Analyzes source code and CI/CD pipelines to detect software integrity violations, insecure deserialization, and supply chain vulnerabilities.

The Integrity skill is a specialized security auditor for Claude Code that focuses on OWASP A08: Software and Data Integrity Failures. It systematically reviews source code, dependency manifests, and CI/CD configurations to identify high-risk patterns such as untrusted deserialization, missing Subresource Integrity (SRI) tags, and insecure pipeline injections. By integrating with industry-standard scanners like Trivy and Semgrep, it provides deep visibility into the provenance and authenticity of your software components, offering actionable remediation steps to harden your application against tampering and supply chain attacks.

主要功能

01Generates standardized security reports in JSON, SARIF, and Markdown formats.

02Detects insecure deserialization in Java, Python, and JavaScript.

03Audits CI/CD workflows for command injection and configuration risks.

04Validates dependency lockfiles and Subresource Integrity (SRI) attributes.

05Supports multiple analysis depths from quick pattern scans to expert red-teaming.

066 GitHub stars

使用场景

01Ensuring third-party scripts and libraries are loaded securely from CDNs.

02Auditing legacy applications for dangerous serialization sinks like pickle or YAML load.

03Hardening CI/CD pipelines against unauthorized code or configuration changes.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code integrity

For use in Claude.ai and ChatGPT

Download Skill