Automated security scanning for dependencies, code, containers with Trivy, Snyk, npm audit. Use for CI/CD security gates, pre-deployment audits, compliance requirements, or encountering CVE detection, outdated packages, license compliance, SBOM generation errors.
Scans dependencies, code, and containers for vulnerabilities using Trivy, Snyk, and npm audit.
npx claudepluginhub secondsky/claude-skillsThis skill inherits all available tools. When active, it can use any tool Claude has access to.
Automate security vulnerability detection across code, dependencies, and containers.
# npm audit
npm audit --audit-level=high
# Snyk
snyk test --severity-threshold=high
# Safety (Python)
safety check --full-report
# Scan container image
trivy image myapp:latest --severity HIGH,CRITICAL
# Scan filesystem
trivy fs --scanners vuln,secret .
name: Security Scan
on: [push, pull_request]
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
severity: 'CRITICAL,HIGH'
exit-code: '1'
- name: Run Snyk
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=high
- name: npm audit
run: npm audit --audit-level=high
bandit -r src/ -ll -ii
const { execSync } = require('child_process');
function runSecurityScan() {
const results = {
npm: JSON.parse(execSync('npm audit --json').toString()),
trivy: JSON.parse(execSync('trivy fs --format json .').toString())
};
const critical = results.npm.metadata?.vulnerabilities?.critical || 0;
if (critical > 0) {
console.error(`Found ${critical} critical vulnerabilities`);
process.exit(1);
}
}
You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements and design before implementation.