Scan DAPR project for security vulnerabilities, plain-text secrets, missing ACLs, and configuration issues
# DAPR Security Scanner

Scan your DAPR project for security issues and best practice violations.

## Behavior

When the user runs `/dapr:security`:

1. **Locate Configuration Files**
   - Find all component YAML files in `components/`
   - Find `dapr.yaml` if present
   - Find any Configuration or Resiliency resources

2. **Run Security Checks**

### Critical Checks (Fail deployment)

- Plain-text secrets in component files
- Hardcoded connection strings with passwords
- API keys or tokens in plain text
- Missing `secretKeyRef` for sensitive fields

### High Severity Check...
Application security with OWASP best practices and threat modeling
Performs a comprehensive security audit focusing on authentication, authorization, input validation, data protection, and OWASP Top 10 vulnerabilities.
Complete a security review with optional custom output path
scan | list | fix | report [--dry-run, --severity, --fix]
Deploy the security auditor agent for security review.