Community Plugin

security-scanning

SAST analysis, dependency vulnerability scanning, OWASP Top 10 compliance, container security scanning, and automated security hardening

1.2.2

Updated 2 months ago

AI Insight

Performs automated security analysis including SAST, dependency vulnerability checks, OWASP compliance, and container security scanning.

Why this plugin

Integrates comprehensive security scanning directly into development workflows, identifying vulnerabilities early and ensuring compliance with security standards.

Prerequisites

Requires access to codebase and build environment; may need specific scanning tool configurations or API keys for external services.

security

vulnerability

devsecops

Install

Add the repository(one-time)

/plugin marketplace add engineerwithai/engineerwith-agents

Install the plugin

/plugin install security-scanning@claude-code-workflows

Components

Commands

Dependency Vulnerability Scanning

/security-dependencies

inherits

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across multiple ecosystems to identify vulnerabilities, assess risks, and provide automated remediation strategies.

Phase 1: Comprehensive Security Assessment

/security-hardening

inherits

Implement comprehensive security hardening with defense-in-depth strategy through coordinated multi-agent orchestration:

SAST Security Plugin

/security-sast

inherits

Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks

Agents

Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks. Masters vulnerability assessment, threat modeling, secure authentication (OAuth2/OIDC), OWASP standards, cloud security, and security automation. Handles DevSecOps integration, compliance (GDPR/HIPAA/SOC2), and incident response. Use PROACTIVELY for security audits, DevSecOps, or compliance implementation.

Threat Modeling Expert

/threat-modeling-expert

all tools

Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.

Skills

attack-tree-construction

inherits

Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.

sast-configuration

inherits

Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.

security-requirement-extraction

inherits

Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.

stride-analysis-patterns

inherits

Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.

threat-mitigation-mapping

inherits

Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.

Stats

Stars0

MaintenanceGood

Last Commit2 months ago

Community Promotion

Collections

Links

View on GitHub

View README

Plugin Marketplace JSON

Homepage

Similar Plugins

prompts.chat

149.6k

213

Access thousands of AI prompts and skills directly in your AI coding assistant. Search prompts, discover skills, save your own, and improve prompts with AI.

v1.0.0

plugin-dev

73.8k

Comprehensive toolkit for developing Claude Code plugins. Includes 7 expert skills covering hooks, MCP integration, commands, agents, and best practices. AI-assisted plugin creation and validation.

3mo

v0.1.0

everything-claude-code

56.9k

142

Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use

v1.7.0

payload

41.0k

Payload Development plugin - covers collections, fields, hooks, access control, plugins, and database adapters.

2mo

v0.0.1