Security Scanning
Plugin | Verified | Active
SAST analysis, dependency vulnerability scanning, OWASP Top 10 compliance, container security scanning, and automated security hardening
To provide a robust, integrated set of tools for detecting and mitigating security vulnerabilities across the software development lifecycle.
Features
- SAST analysis across multiple languages
- Dependency vulnerability and SBOM generation
- OWASP Top 10 compliance checks
- Automated security hardening workflows
- Container security scanning capabilities
Use cases
- Scanning codebases for security vulnerabilities
- Implementing automated security checks in CI/CD pipelines
- Hardening applications against common attack vectors
- Ensuring compliance with security standards like OWASP Top 10
- Auditing project dependencies for known vulnerabilities
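The last two use cases, auditing dependencies for known vulnerabilities and gating a CI/CD pipeline on the result, are shown below as an added, self-contained example. It is not code from the security-scanning plugin: it parses a constructed CycloneDX-style SBOM, matches each component's purl against a constructed advisory list (placeholder IDs, not real CVE/GHSA identifiers), and returns the exit code a CI job would use to fail the build when a finding meets a severity threshold. The version comparison is a deliberate simplification; real scanners apply ecosystem-specific rules such as PEP 440 or semver.

```python
"""Added illustrative example (not code from the security-scanning plugin):
audit a CycloneDX-style SBOM against a small advisory list and decide whether
a CI job should fail. All SBOM and advisory data below is constructed."""
import json
from typing import Dict, List, Tuple

# Constructed CycloneDX-style SBOM fragment (not taken from a real project).
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "requests", "version": "2.19.0",
     "purl": "pkg:pypi/requests@2.19.0"},
    {"type": "library", "name": "pyyaml", "version": "6.0.1",
     "purl": "pkg:pypi/pyyaml@6.0.1"},
    {"type": "library", "name": "lodash", "version": "4.17.15",
     "purl": "pkg:npm/lodash@4.17.15"}
  ]
}"""

# Constructed advisory feed keyed by (purl type, package name). Each advisory
# states a half-open affected range [introduced, fixed) and a severity.
# The IDs are placeholders, not real CVE or GHSA identifiers.
ADVISORIES: Dict[Tuple[str, str], List[dict]] = {
    ("pypi", "requests"): [
        {"id": "EXAMPLE-0001", "introduced": "0", "fixed": "2.20.0", "severity": "MEDIUM"},
    ],
    ("npm", "lodash"): [
        {"id": "EXAMPLE-0002", "introduced": "0", "fixed": "4.17.19", "severity": "HIGH"},
    ],
}

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def parse_version(v: str) -> Tuple[int, ...]:
    """Parse a dotted numeric version into a comparable tuple.
    Non-numeric characters in a segment are dropped (simplification; real
    scanners use PEP 440 / semver rules per ecosystem)."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def parse_purl(purl: str) -> Tuple[str, str, str]:
    """Split 'pkg:<type>/<name>@<version>' into (type, lowercased name, version).
    A namespace, if present, stays part of the name."""
    body = purl[len("pkg:"):]
    ptype, rest = body.split("/", 1)
    name, version = rest.rsplit("@", 1)
    return ptype, name.lower(), version


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed (the fixed version is safe)."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def audit_sbom(sbom_json: str, advisories: Dict[Tuple[str, str], List[dict]]) -> List[dict]:
    """Return one finding per (component, matching advisory) pair."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            continue  # no purl: cannot match reliably, so skip rather than guess
        ptype, name, version = parse_purl(purl)
        for adv in advisories.get((ptype, name), []):
            if is_affected(version, adv["introduced"], adv["fixed"]):
                findings.append({"package": f"{ptype}/{name}", "version": version,
                                 "id": adv["id"], "severity": adv["severity"],
                                 "fixed_in": adv["fixed"]})
    return findings


def gate(findings: List[dict], fail_on: str = "HIGH") -> int:
    """CI exit code: 1 if any finding is at or above the threshold, else 0."""
    threshold = SEVERITY_RANK[fail_on]
    return 1 if any(SEVERITY_RANK[f["severity"]] >= threshold for f in findings) else 0


if __name__ == "__main__":
    results = audit_sbom(SBOM_JSON, ADVISORIES)
    for f in results:
        print(f"{f['severity']:8} {f['id']} {f['package']}@{f['version']} (fixed in {f['fixed_in']})")
    raise SystemExit(gate(results))
```

Run as a pipeline step, the non-zero exit from `gate` is what fails the job; lowering `fail_on` to `MEDIUM` would also fail on the requests finding. Keeping the threshold explicit makes the policy reviewable in the pipeline definition rather than buried in scanner defaults.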
Non-goals
- Performing dynamic application security testing (DAST)
- Providing runtime application security monitoring
- Managing infrastructure security outside of hardening configurations
- Replacing dedicated penetration testing services
Practices
- Shift-left security
- Secure coding standards
- DevSecOps
- Compliance automation
- Vulnerability management
Documentation
- Configuration & parameter reference: configuration examples are provided within the command documents (e.g., `.bandit`, `.eslintrc-security.json`), but explicit documentation of the precedence order of configuration files, or of implicit parameters, is not readily available.
Installation
Add the marketplace first, then install the plugin:
`/plugin marketplace add wshobson/agents`
`/plugin install security-scanning@claude-code-workflows`
Includes 5 extensions
Skills (5)
- Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
- Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.
- Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.
- Apply the STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
- Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.
Quality score: Verified
Similar extensions
- Commands Security Audit (98): Commands for security auditing and vulnerability scanning
- Review Agent Governance (99): Require a human approval signal before an AI agent can post PR reviews, comments, merges, or writes to CI config. Cedar-gated, receipt-signed, designed for the Hermes-style failure mode where a review bot posts without oversight.
- Accessibility Compliance (99): WCAG accessibility auditing, compliance validation, UI testing for screen readers, keyboard navigation, and inclusive design
- Security Review Openai (93): Perform language- and framework-specific security best-practice reviews and suggest improvements