ReddRadar
Agent skill
vulnerability-scanning
Automated security scanning for dependencies, code, containers with Trivy, Snyk, npm audit. Use for CI/CD security gates, pre-deployment audits, compliance requirements, or encountering CVE detection, outdated packages, license compliance, SBOM generation errors.
Install this agent skill to your Project
npx add-skill https://github.com/secondsky/claude-skills/tree/main/plugins/vulnerability-scanning/skills/vulnerability-scanning
Metadata
Additional technical details for this skill
- keywords
- Trivy, Snyk, npm-audit, OWASP, dependency-scanning, CVE, security-vulnerabilities, outdated-packages, license-compliance, SCA, SBOM, container-scanning, image-scanning, security-gates, CI-CD-security, pre-deployment-audit, supply-chain-security, vulnerability-detection, security-compliance, Docker-scan, Grype, static-analysis, dependency-check
SKILL.md
Vulnerability Scanning
Automate security vulnerability detection across code, dependencies, and containers.
Dependency Scanning
# npm audit
npm audit --audit-level=high
# Snyk
snyk test --severity-threshold=high
# Safety (Python)
safety check --full-report
Container Scanning (Trivy)
# Scan container image
trivy image myapp:latest --severity HIGH,CRITICAL
# Scan filesystem
trivy fs --scanners vuln,secret .
GitHub Actions Integration
name: Security Scan
on: [push, pull_request]
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
severity: 'CRITICAL,HIGH'
exit-code: '1'
- name: Run Snyk
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=high
- name: npm audit
run: npm audit --audit-level=high
Code Analysis (Bandit for Python)
bandit -r src/ -ll -ii
Node.js Scanner
const { execSync } = require('child_process');
function runSecurityScan() {
const results = {
npm: JSON.parse(execSync('npm audit --json').toString()),
trivy: JSON.parse(execSync('trivy fs --format json .').toString())
};
const critical = results.npm.metadata?.vulnerabilities?.critical || 0;
if (critical > 0) {
console.error(`Found ${critical} critical vulnerabilities`);
process.exit(1);
}
}
Best Practices
- Integrate scanning in CI/CD pipeline
- Fail builds on high/critical findings
- Scan dependencies and containers
- Track vulnerabilities over time
- Document accepted false positives
Tools
- Trivy (containers, filesystem)
- Snyk (dependencies, code)
- npm audit / yarn audit
- Bandit (Python)
- OWASP Dependency-Check
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
secondsky/claude-skills
skill-name
[TODO: Write comprehensive description in third-person. Start with "This skill provides..." or "This skill should be used when..."] [TODO: Add "Use when" scenarios - specific situations where Claude should use this skill] [TODO: Add keywords - technologies, use cases, error messages that should trigger this skill]
secondsky/claude-skills
websocket-implementation
Implements real-time WebSocket communication with connection management, room-based messaging, and horizontal scaling. Use when building chat systems, live notifications, collaborative tools, or real-time dashboards.
secondsky/claude-skills
ai-sdk-ui
secondsky/claude-skills
bun-nextjs
This skill should be used when the user asks about "Next.js with Bun", "Bun and Next", "running Next.js on Bun", "Next.js development with Bun", "create-next-app with Bun", or building Next.js applications using Bun as the runtime.
secondsky/claude-skills
bun-sqlite
Use for bun:sqlite, SQLite operations, prepared statements, transactions, and queries.
secondsky/claude-skills
bun-sveltekit
Use when building or running SvelteKit apps on Bun, including SSR, adapters, and Bun-specific APIs
Didn't find tool you were looking for?