/scan

Vulnerability Scanner

Perform comprehensive vulnerability scanning on the current codebase to identify security issues, CVEs, and potential attack vectors.

Scan Process

1. Code Analysis (SAST)

   • Scan for common vulnerability patterns
   • Identify insecure code practices
   • Check for hardcoded secrets
   • Analyze authentication/authorization flaws

2. Dependency Scanning

   • Check npm/pip/composer dependencies for known CVEs
   • Identify outdated packages with security patches
   • Report transitive dependency vulnerabilities

3. Configuration Review

   • Analyze security-sensitive configurations
   • Check for insecure defaults
   • Validate SSL/TLS settings
   • Review access control configurations

4. Report Generation

   • Severity-based categorization (Critical, High, Medium, Low)
   • CVE identifiers and CVSS scores
   • Remediation recommendations
   • Affected files and line numbers

Output Format

Generate a structured vulnerability report with:

• Executive summary with vulnerability counts by severity
• Detailed findings with code snippets
• Remediation steps for each vulnerability
• Links to CVE databases and security advisories

Security Best Practices

• Never expose vulnerability details in public repositories
• Prioritize Critical and High severity issues
• Retest after applying fixes
• Document false positives for future scans