Which programming languages does this skill support?

It provides specialized patterns for JavaScript (npm) and Python (pip/Bandit), while tools like Semgrep, Gitleaks, and TruffleHog provide broad coverage across most modern languages.

How does it handle false positives in secret detection?

The skill utilizes baseline files (like .secrets.baseline) to document and ignore known false positives, ensuring your security reports remain actionable and relevant.

Can this skill automatically fix security issues?

Yes, it can execute automated remediation commands like 'npm audit fix' and provide Claude with the context needed to manually refactor code to resolve SAST findings.

Does it support CI/CD integration?

Absolutely. It includes specific patterns for GitHub Actions and Bash scripts that allow you to block builds based on vulnerability severity thresholds.

Security Scanning

Name: Security Scanning
Author: yonatangross

byyonatangross

•

安全与测试

Automates vulnerability detection for dependencies, source code, and containers using industry-standard security tools.

This skill empowers Claude to perform comprehensive security audits by integrating essential tools like npm audit, Semgrep, and TruffleHog. It helps developers identify critical vulnerabilities in dependencies, detect hardcoded secrets, and implement static analysis (SAST) within their development workflow. By providing standardized implementation patterns for pre-commit hooks and CI/CD pipelines, it ensures a shift-left security approach, catching risks before they reach production.

主要功能

01Best-practice pre-commit hook configurations for proactive security

02Automated dependency auditing for JavaScript and Python environments

03Static Analysis Security Testing (SAST) using Semgrep and Bandit

04Container image vulnerability scanning with Trivy integration

05Hardcoded secret and credential detection in source code repositories

0629 GitHub stars

使用场景

01Identifying and fixing vulnerable npm or pip packages during development

02Scanning repositories for exposed API keys, AWS credentials, or private keys

03Integrating automated security gates and escalation thresholds into CI/CD pipelines

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add yonatangross/skillforge-claude-plugin security-scanning

For use in Claude.ai and ChatGPT

Download Skill