Senior Secops
技能 已验证 活跃Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST scans, generates CVE remediation plans, checks dependency vulnerabilities, creates security policies, enforces secure coding patterns, and automates compliance checks against SOC2, PCI-DSS, HIPAA, and GDPR. Use when conducting a security review or audit, responding to a CVE or security incident, hardening infrastructure, implementing authentication or secrets management, running penetration test prep, checking OWASP Top 10 exposure, or enforcing security controls in CI/CD pipelines.
To automate and standardize security reviews, vulnerability assessments, and compliance checks, enabling SecOps engineers to maintain a strong security posture.
功能
- Runs SAST/DAST scans
- Checks dependency vulnerabilities (npm, Python, Go)
- Automates compliance checks (SOC 2, PCI-DSS, HIPAA, GDPR)
- Generates CVE remediation plans
- Enforces secure coding patterns
使用场景
- Conducting a security review or audit
- Responding to a CVE or security incident
- Hardening infrastructure
- Enforcing security controls in CI/CD pipelines
非目标
- Performing live penetration testing
- Managing cloud infrastructure security directly
- Providing real-time threat intelligence feeds
Scope
- info:Tool surface sizeThere are three main tools exposed: `security_scanner.py`, `vulnerability_assessor.py`, and `compliance_checker.py`.
安装
请先添加 Marketplace
/plugin marketplace add alirezarezvani/claude-skills/plugin install engineering-team@claude-code-skills质量评分
已验证类似扩展
Clawsec Scanner
100Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.
Context Mode Ops
100使用并行子代理军队管理 context-mode GitHub 问题、PR、发布和营销。为每个任务编排 10-20 个动态代理。在分类问题、审查 PR、发布版本、撰写 LinkedIn 帖子、宣布发布、修复错误、合并贡献、验证 ENV 变量、测试适配器或同步分支时使用。
Azure Container Registry SDK for Python
100Azure Container Registry SDK for Python. Use for managing container images, artifacts, and repositories. Triggers: "azure-containerregistry", "ContainerRegistryClient", "container images", "docker registry", "ACR".
Azure App Configuration SDK for Python
100Azure App Configuration SDK for Python. Use for centralized configuration management, feature flags, and dynamic settings. Triggers: "azure-appconfiguration", "AzureAppConfigurationClient", "feature flags", "configuration", "key-value settings".
Ship Gate
100Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.
Prepare Inspection Readiness
100Prepare an organisation for regulatory inspection by assessing readiness against agency-specific focus areas (FDA, EMA, MHRA). Covers warning letter and 483 theme analysis, mock inspection protocols, document bundle preparation, inspection logistics, and response template creation. Use when a regulatory inspection has been announced or is anticipated, when a periodic self-assessment is due, when new systems have been implemented since the last inspection, or after a significant audit finding that may attract regulatory attention.