Agent skill

security-scanner

Run security scans including SAST, dependency scanning, and secret detection

View SKILL.md on GitHub Repository
Stars 514
Forks 31

Install this agent skill to your Project

npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/software-architecture/skills/security-scanner

SKILL.md

Security Scanner Skill

Overview

Runs comprehensive security scans including SAST scanning with Semgrep/CodeQL, dependency vulnerability scanning with Snyk/OWASP, secret detection, and container image scanning.

Capabilities

  • SAST scanning (Semgrep, CodeQL)
  • Dependency vulnerability scanning (Snyk, OWASP Dependency-Check)
  • Secret detection (git-secrets, truffleHog, gitleaks)
  • Container image scanning (Trivy, Grype)
  • License compliance checking
  • SBOM generation
  • CVE database lookup

Target Processes

  • security-architecture-review
  • iac-review

Input Schema

json
{
  "type": "object",
  "required": ["targets"],
  "properties": {
    "targets": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Paths to scan"
    },
    "scanTypes": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["sast", "dependencies", "secrets", "containers", "licenses"]
      },
      "default": ["sast", "dependencies", "secrets"]
    },
    "tools": {
      "type": "object",
      "properties": {
        "sast": {
          "type": "string",
          "enum": ["semgrep", "codeql"],
          "default": "semgrep"
        },
        "dependencies": {
          "type": "string",
          "enum": ["snyk", "owasp", "npm-audit"],
          "default": "snyk"
        },
        "secrets": {
          "type": "string",
          "enum": ["gitleaks", "trufflehog"],
          "default": "gitleaks"
        }
      }
    },
    "options": {
      "type": "object",
      "properties": {
        "severityThreshold": {
          "type": "string",
          "enum": ["critical", "high", "medium", "low"],
          "default": "medium"
        },
        "failOnVulnerability": {
          "type": "boolean",
          "default": true
        }
      }
    }
  }
}

Output Schema

json
{
  "type": "object",
  "properties": {
    "vulnerabilities": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "id": { "type": "string" },
          "severity": { "type": "string" },
          "type": { "type": "string" },
          "file": { "type": "string" },
          "line": { "type": "number" },
          "description": { "type": "string" },
          "cve": { "type": "string" },
          "fix": { "type": "string" }
        }
      }
    },
    "secrets": {
      "type": "array"
    },
    "dependencyVulnerabilities": {
      "type": "array"
    },
    "summary": {
      "type": "object",
      "properties": {
        "critical": { "type": "number" },
        "high": { "type": "number" },
        "medium": { "type": "number" },
        "low": { "type": "number" }
      }
    },
    "passed": {
      "type": "boolean"
    }
  }
}

Usage Example

javascript
{
  kind: 'skill',
  skill: {
    name: 'security-scanner',
    context: {
      targets: ['src/**/*.ts', 'package.json'],
      scanTypes: ['sast', 'dependencies', 'secrets'],
      tools: {
        sast: 'semgrep',
        dependencies: 'snyk'
      },
      options: {
        severityThreshold: 'high',
        failOnVulnerability: true
      }
    }
  }
}

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

a5c-ai/babysitter

gsd-tools

Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).

514 31
Explore
a5c-ai/babysitter

model-profile-resolution

Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.

514 31
Explore
a5c-ai/babysitter

verification-suite

Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.

514 31
Explore
a5c-ai/babysitter

state-management

STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.

514 31
Explore
a5c-ai/babysitter

git-integration

Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.

514 31
Explore
a5c-ai/babysitter

frontmatter-parsing

YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.

514 31
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results