Zum Hauptinhalt springen
Dieser Inhalt ist noch nicht in Ihrer Sprache verfügbar und wird auf Englisch angezeigt.

Security Scanning

Plugin Verifiziert Aktiv
Teil von:Claude Code Plugins

SAST analysis, dependency vulnerability scanning, OWASP Top 10 compliance, container security scanning, and automated security hardening

5 Skills 0 MCPs
Zweck

To provide a robust, integrated set of tools for detecting and mitigating security vulnerabilities across the software development lifecycle.

Funktionen

  • SAST analysis across multiple languages
  • Dependency vulnerability and SBOM generation
  • OWASP Top 10 compliance checks
  • Automated security hardening workflows
  • Container security scanning capabilities

Anwendungsfälle

  • Scanning codebases for security vulnerabilities
  • Implementing automated security checks in CI/CD pipelines
  • Hardening applications against common attack vectors
  • Ensuring compliance with security standards like OWASP Top 10
  • Auditing project dependencies for known vulnerabilities

Nicht-Ziele

  • Performing dynamic application security testing (DAST)
  • Providing runtime application security monitoring
  • Managing infrastructure security outside of hardening configurations
  • Replacing dedicated penetration testing services

Praktiken

  • Shift-left security
  • Secure coding standards
  • DevSecOps
  • Compliance automation
  • Vulnerability management

Documentation

  • info:Configuration & parameter referenceWhile configuration examples are provided within command documents (e.g., `.bandit`, `.eslintrc-security.json`), explicit documentation on precedence order of configuration files or implicit parameters is not readily available.

Installation

Zuerst Marketplace hinzufügen

/plugin marketplace add wshobson/agents
/plugin install security-scanning@claude-code-workflows

Enthält 5 Erweiterungen

Skill (5)

Attack Tree Construction Skill

Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.

Sast Configuration Skill

Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.

Security Requirement Extraction Skill

Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.

Stride Analysis Patterns Skill

Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.

Threat Mitigation Mapping Skill

Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.

Qualitätspunktzahl

Verifiziert
97 /100
Analysiert 1 day ago

Vertrauenssignale

Letzter Commit3 days ago
GitHub-Inhaber wshobson (opens in new tab)
Sterne35.3k
LizenzMIT
Websitesethhobson.com(opens in new tab)
Status
Quellcode ansehen

Ähnliche Erweiterungen

Commands Security Audit

98

Commands for security auditing and vulnerability scanning

Plugin
davepoon

Review Agent Governance

99

Require a human approval signal before an AI agent can post PR reviews, comments, merges, or writes to CI config. Cedar-gated, receipt-signed, designed for the Hermes-style failure mode where a review bot posts without oversight.

Plugin
wshobson

Accessibility Compliance

99

WCAG accessibility auditing, compliance validation, UI testing for screen readers, keyboard navigation, and inclusive design

Plugin
wshobson

Security Review Openai

93

Perform language and framework specific security best-practice reviews and suggest improvements

Plugin
lawvable