npx claudepluginhub zate/cc-plugins --plugin security
Install and configure security scanning tools used by `/security:scan`.
```bash
"${CLAUDE_PLUGIN_ROOT}/scripts/detect-tools.sh"
```
Parse the output and display a status table:
```
Security Tool Status
====================
| Tool     | Status    | Version | Purpose                        |
|----------|-----------|---------|--------------------------------|
| semgrep  | installed | 1.56.0  | Multi-language SAST scanner    |
| gitleaks | missing   | -       | Secrets detection in git repos |
| trivy    | missing   | -       | Container/IaC vulnerability    |
| bandit   | installed | 1.7.7   | Python-specific SAST           |
| gosec    | missing   | -       | Go-specific SAST               |
Coverage: 60% (2/5 tools installed + built-in regex patterns)
```
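A minimal detection pass that produces the kind of rows shown in the status table above. It is an added example written for this page, not the plugin's `detect-tools.sh`, whose contents the page does not show. The function names and the `name|status|version|path` row format are assumptions; the path column is included so you can see which binary on `PATH` would actually be run.

```shell
#!/bin/sh
# Added example (not the plugin's detect-tools.sh). Function names and the
# "name|status|version|path" row format are assumptions made for illustration.

# Print the argument each scanner uses to report its version.
version_arg() {
  case "$1" in
    gitleaks) echo "version" ;;    # gitleaks reports its version via a subcommand
    *)        echo "--version" ;;
  esac
}

# tool_status NAME -> "NAME|installed|VERSION|PATH" or "NAME|missing|-|-"
tool_status() {
  tool=$1
  # Resolve the binary first so the row shows exactly what would be executed.
  path=$(command -v "$tool" 2>/dev/null) || { echo "$tool|missing|-|-"; return 0; }
  # Take the first X.Y.Z in the output; tools differ in how they decorate it.
  ver=$("$tool" "$(version_arg "$tool")" 2>&1 \
        | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
  echo "$tool|installed|${ver:-unknown}|$path"
}

# status_table [NAME...] -> one row per tool, then an installed count.
# With no arguments it checks the five tools this page lists.
status_table() {
  [ "$#" -gt 0 ] || set -- semgrep gitleaks trivy bandit gosec
  installed=0
  for t in "$@"; do
    row=$(tool_status "$t")
    case "$row" in *"|installed|"*) installed=$((installed + 1)) ;; esac
    echo "$row"
  done
  echo "installed: $installed/$#"
}

status_table "$@"
```

The count line reports installed tools only; the percentage the plugin prints also credits its built-in regex patterns, and that weighting is not reproduced here.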
For each missing tool, display platform-specific install options:
semgrep:

```bash
# macOS
brew install semgrep
# Linux / pip
pip install semgrep
# Docker
docker pull semgrep/semgrep
```

gitleaks:

```bash
# macOS
brew install gitleaks
# Go install
go install github.com/gitleaks/gitleaks/v8@latest
# Linux (download binary)
# See https://github.com/gitleaks/gitleaks/releases
```

trivy:

```bash
# macOS
brew install trivy
# Ubuntu/Debian (after adding the Trivy apt repository)
sudo apt-get install -y trivy
# RHEL/CentOS (after adding the Trivy yum repository)
sudo yum install -y trivy
```

bandit:

```bash
# pip (Python projects)
pip install bandit
# pipx (isolated install)
pipx install bandit
```

gosec:

```bash
# Go install
go install github.com/securego/gosec/v2/cmd/gosec@latest
# macOS
brew install gosec
```
Only show tools that are missing. If all tools are installed, congratulate and STOP.
```yaml
AskUserQuestion:
  questions:
    - question: "Which tools would you like to install?"
      header: "Install Security Tools"
      multiSelect: true
      options:
        - label: "semgrep"
          description: "Multi-language static analysis (recommended)"
        - label: "gitleaks"
          description: "Secrets detection in git history"
        - label: "trivy"
          description: "Container and infrastructure scanning"
        - label: "bandit"
          description: "Python-specific security scanner"
        - label: "gosec"
          description: "Go-specific security scanner"
        - label: "All missing tools"
          description: "Install everything"
        - label: "Skip"
          description: "Don't install anything"
```
Only include options for tools that are actually missing.
For each selected tool, detect the platform and run the appropriate install command:
```bash
# Example: detect platform and install
if command -v brew &>/dev/null; then
    brew install semgrep
elif command -v pip &>/dev/null; then
    pip install semgrep
else
    echo "Please install semgrep manually: https://semgrep.dev/docs/getting-started/"
fi
```
```bash
"${CLAUDE_PLUGIN_ROOT}/scripts/detect-tools.sh"
```
Show updated status table with new coverage estimate.
If any installations failed, show manual install instructions and links.
Display:
```
Setup complete! Coverage: 100% (5/5 tools + built-in regex patterns)
Run /security:scan to start your first security assessment.
```
Now: Detect currently installed tools.