Which security tools does this skill support?

This skill supports industry-standard tools including npm audit, pip-audit, Semgrep, Bandit, Gitleaks, TruffleHog, and Trivy.

Can I use this to prevent secrets from being committed to Git?

Yes, it provides detailed implementation patterns for setting up Gitleaks and detect-secrets via pre-commit hooks to catch credentials before they enter your history.

Does this skill work with CI/CD pipelines?

Absolutely. It includes configurations for GitHub Actions and other CI tools, including logic to fail builds based on specific severity thresholds.

Is it compatible with both Python and Node.js projects?

Yes, the skill contains specific modules and best practices for both JavaScript (npm audit) and Python (pip-audit, Bandit) environments.

Security Scanning & Vulnerability Audit

Name: Security Scanning & Vulnerability Audit
Author: yonatangross

byyonatangross

•

安全与测试

Automates comprehensive security audits and vulnerability scanning across dependencies, source code, secrets, and container images.

This skill empowers developers to implement robust security checks within their Claude Code workflow, providing production-ready patterns for dependency auditing in JavaScript and Python, static analysis (SAST) via Semgrep and Bandit, and proactive secret detection using Gitleaks. It streamlines the 'shift-left' security approach by offering standardized configurations for pre-commit hooks and CI/CD integration, ensuring that critical vulnerabilities are identified and blocked before they reach production environments.

主要功能

01Automated dependency auditing for npm and pip ecosystems

02Container image vulnerability scanning with Trivy

03Real-time secret and credential detection via Gitleaks and TruffleHog

04Static Application Security Testing (SAST) with Semgrep and Bandit

0569 GitHub stars

06Standardized pre-commit hook configurations for proactive security

使用场景

01Auditing legacy codebases for known vulnerabilities and outdated packages

02Implementing automated security gates in CI/CD pipelines to block high-risk releases

03Preventing accidental API key and credential leaks in version control

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add yonatangross/orchestkit security-scanning

For use in Claude.ai and ChatGPT

Download Skill