SecOpsAgentKit

An assortment of security operations skills for AI coding agents. A collaborative approach to shift-left security using Claude Code skills.

Overview

SecOpsAgentKit provides specialized Claude Code skills for security operations, covering:

• Application Security (AppSec): SAST/DAST, vulnerability analysis, secure code review
• DevSecOps: CI/CD security, infrastructure as code security, container scanning
• Secure SDLC: Threat modeling, security requirements, secure design patterns
• Compliance: Security auditing, policy enforcement, compliance frameworks
• Incident Response: Security event analysis, forensics, remediation workflows

Quick Start

/plugin marketplace add https://github.com/AgentSecOps/SecOpsAgentKit.git

Available Skills

Application Security (appsec/)

• api-mitmproxy - Interactive HTTPS proxy for API security testing with mitmproxy traffic interception and modification
• api-spectral - API specification linting and security validation using Spectral for OpenAPI and AsyncAPI
• dast-ffuf - Fast web fuzzer using ffuf for directory enumeration and parameter fuzzing
• dast-nuclei - Fast, template-based vulnerability scanning using ProjectDiscovery's Nuclei
• dast-zap - Dynamic application security testing using OWASP ZAP (Zed Attack Proxy)
• sast-bandit - Python security vulnerability detection using Bandit SAST with CWE and OWASP mappings
• sast-semgrep - Static application security testing using Semgrep for vulnerability detection
• sca-blackduck - Software Composition Analysis using Synopsys Black Duck for dependency vulnerabilities and license compliance

DevSecOps (devsecops/)

• container-grype - Container vulnerability scanning and dependency risk assessment using Grype with CVSS, EPSS, and CISA KEV prioritization
• container-hadolint - Dockerfile security linting and best practice validation using Hadolint
• iac-checkov - Infrastructure as Code security scanning using Checkov with 750+ built-in policies
• sca-trivy - Software Composition Analysis and container vulnerability scanning using Trivy for CVE detection
• secrets-gitleaks - Hardcoded secret detection and prevention in git repositories using Gitleaks

Secure SDLC (secsdlc/)

• reviewdog - Automated code review and security linting integration for CI/CD pipelines using reviewdog
• sast-horusec - Multi-language static application security testing using Horusec (18+ languages, 20+ tools)
• sbom-syft - Software Bill of Materials (SBOM) generation using Syft for container images and filesystems

Compliance (compliance/)

• policy-opa - Policy-as-code enforcement and compliance validation using Open Policy Agent (OPA)

Threat Modeling (threatmodel/)

• pytm - Python-based threat modeling using pytm for STRIDE analysis and data flow diagrams

Incident Response (incident-response/)

• detection-sigma - Generic detection rule creation and management using Sigma (universal SIEM rule format)
• forensics-osquery - SQL-powered forensic investigation and system interrogation using osquery for endpoint analysis
• ir-velociraptor - Endpoint visibility and digital forensics using Velociraptor for incident response at scale