Skill

vulnerability-scanning

Automates vulnerability scanning for dependencies, code, and containers using Trivy, Snyk, npm audit, Bandit. For CI/CD security gates, pre-deployment audits, CVE detection, outdated packages, license compliance, SBOM generation.

Docker

npx claudepluginhub secondsky/claude-skills --plugin vulnerability-scanning

Popularity

Parent stars

149

Parent forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/vulnerability-scanning:vulnerability-scanning

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Automate security vulnerability detection across code, dependencies, and containers.

SKILL.md

107 lines · ~663 tokens

Similar Skills

scanning-containers-with-trivy-in-cicd

Integrates Trivy into CI/CD pipelines to scan Docker images for OS and dependency CVEs, detect Dockerfile misconfigurations, and enforce severity-based quality gates.

cybersec-toolkit

scanning-containers-with-trivy-in-cicd

13.2k

Integrates Trivy into CI/CD pipelines to scan Docker images for OS and dependency CVEs, detect Dockerfile misconfigurations, and enforce severity-based quality gates.

7 files

cybersecurity-skills

scanning-containers-with-trivy-in-cicd

Integrates Trivy scanner into CI/CD pipelines to detect vulnerabilities in Docker images, OS packages, dependencies, Dockerfiles, and enforce quality gates blocking critical/high-severity issues before deployment.

asi

Stats

LanguageTypeScript

Parent stars149

Parent forks23

MaintenanceGood

Last CommitApr 2, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

vulnerability-scanning

Vulnerability Scanning

Automate security vulnerability detection across code, dependencies, and containers.

Dependency Scanning

# npm audit npm audit --audit-level=high # Snyk snyk test --severity-threshold=high # Safety (Python) safety check --full-report

Container Scanning (Trivy)

# Scan container image trivy image myapp:latest --severity HIGH,CRITICAL # Scan filesystem trivy fs --scanners vuln,secret .

GitHub Actions Integration

name: Security Scan on: [push, pull_request] jobs: security: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: scan-type: 'fs' severity: 'CRITICAL,HIGH' exit-code: '1' - name: Run Snyk uses: snyk/actions/node@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: args: --severity-threshold=high - name: npm audit run: npm audit --audit-level=high

Code Analysis (Bandit for Python)

bandit -r src/ -ll -ii

Node.js Scanner

const { execSync } = require('child_process'); function runSecurityScan() { const results = { npm: JSON.parse(execSync('npm audit --json').toString()), trivy: JSON.parse(execSync('trivy fs --format json .').toString()) }; const critical = results.npm.metadata?.vulnerabilities?.critical || 0; if (critical > 0) { console.error(`Found ${critical} critical vulnerabilities`); process.exit(1); } }

Best Practices

Integrate scanning in CI/CD pipeline

Fail builds on high/critical findings

Scan dependencies and containers

Track vulnerabilities over time

Document accepted false positives

Tools

Trivy (containers, filesystem)

Snyk (dependencies, code)

npm audit / yarn audit

Bandit (Python)

OWASP Dependency-Check