Initial commit

This commit is contained in:
Zhongwei Li
2025-11-30 08:20:37 +08:00
commit 1862bc9ff7
10 changed files with 445 additions and 0 deletions


@@ -0,0 +1,100 @@
# Security Scan Report
**Generated by: Security Pro Pack - Vulnerability Scanner Plugin**
**Date:** `[Insert Date of Scan: YYYY-MM-DD]`
**Time:** `[Insert Time of Scan: HH:MM:SS UTC]`
**Report ID:** `[Insert Unique Report ID]`
## 1. Executive Summary
`[Provide a high-level overview of the security scan findings. Include the total number of vulnerabilities found, the severity distribution, and a brief summary of the most critical issues. Example: This report summarizes the results of a vulnerability scan performed on [Target]. A total of [Number] vulnerabilities were identified, with [Number] classified as Critical, [Number] as High, [Number] as Medium, and [Number] as Low. The most critical issues involve [Briefly describe the most critical issues].]`
## 2. Scan Details
* **Target:** `[Specify the target of the scan (e.g., repository URL, file path, container image name, API endpoint). Example: Repository: github.com/example/project]`
* **Scan Type:** `[Specify the type of scan performed (e.g., Static Analysis, Dynamic Analysis, Dependency Scan). Example: Static Analysis]`
* **Scanner Version:** `[Specify the version of the Security Pro Pack plugin and the underlying scanner used. Example: Security Pro Pack - Vulnerability Scanner v1.0.0 using Semgrep v1.10.0]`
* **Configuration:** `[Describe any custom configurations or settings used during the scan. If default settings were used, state that. Example: Default Semgrep ruleset was used.]`
* **Scan Duration:** `[Specify the total time taken to complete the scan. Example: 5 minutes 30 seconds]`
## 3. Vulnerability Findings
This section details the vulnerabilities identified during the scan. Each vulnerability is listed with its severity, description, location, and recommended remediation.
### 3.1 Critical Vulnerabilities
`[List all vulnerabilities classified as Critical. For each vulnerability, provide the following information:]`
* **Vulnerability ID:** `[Unique identifier for the vulnerability. Example: CRITICAL-001]`
* **Description:** `[Detailed explanation of the vulnerability and its potential impact. Example: SQL Injection vulnerability in the login form allows attackers to execute arbitrary SQL commands.]`
* **Severity:** **Critical**
* **Location:** `[Precise location of the vulnerability in the code or configuration. Example: src/auth/login.php: line 42]`
* **Affected Component:** `[Specify which component or module is affected. Example: Authentication Module]`
* **Recommendation:** `[Specific steps to remediate the vulnerability. Example: Implement parameterized queries or use an ORM to prevent SQL injection.]`
* **Evidence:** `[Provide evidence of the vulnerability, such as code snippets, request/response examples, or screenshots. Example: Code snippet showing the vulnerable SQL query.]`
### 3.2 High Vulnerabilities
`[List all vulnerabilities classified as High. For each vulnerability, provide the same information as in section 3.1.]`
* **Vulnerability ID:** `[Unique identifier for the vulnerability. Example: HIGH-002]`
* **Description:** `[Detailed explanation of the vulnerability and its potential impact. Example: Cross-Site Scripting (XSS) vulnerability allows attackers to inject malicious scripts into the website.]`
* **Severity:** **High**
* **Location:** `[Precise location of the vulnerability in the code or configuration. Example: public/js/comment.js: line 15]`
* **Affected Component:** `[Specify which component or module is affected. Example: Commenting System]`
* **Recommendation:** `[Specific steps to remediate the vulnerability. Example: Implement proper input validation and output encoding to prevent XSS.]`
* **Evidence:** `[Provide evidence of the vulnerability, such as code snippets, request/response examples, or screenshots. Example: Example of a malicious script being injected and executed.]`
### 3.3 Medium Vulnerabilities
`[List all vulnerabilities classified as Medium. For each vulnerability, provide the same information as in section 3.1.]`
* **Vulnerability ID:** `[Unique identifier for the vulnerability. Example: MEDIUM-003]`
* **Description:** `[Detailed explanation of the vulnerability and its potential impact. Example: Insecure Direct Object Reference (IDOR) allows users to access resources belonging to other users.]`
* **Severity:** **Medium**
* **Location:** `[Precise location of the vulnerability in the code or configuration. Example: src/profile/profile.php: line 28]`
* **Affected Component:** `[Specify which component or module is affected. Example: User Profile Module]`
* **Recommendation:** `[Specific steps to remediate the vulnerability. Example: Implement proper authorization checks to ensure users can only access their own resources.]`
* **Evidence:** `[Provide evidence of the vulnerability, such as code snippets, request/response examples, or screenshots. Example: Example of a user accessing another user's profile.]`
### 3.4 Low Vulnerabilities
`[List all vulnerabilities classified as Low. For each vulnerability, provide the same information as in section 3.1.]`
* **Vulnerability ID:** `[Unique identifier for the vulnerability. Example: LOW-004]`
* **Description:** `[Detailed explanation of the vulnerability and its potential impact. Example: Information leakage through error messages.]`
* **Severity:** **Low**
* **Location:** `[Precise location of the vulnerability in the code or configuration. Example: config/database.php]`
* **Affected Component:** `[Specify which component or module is affected. Example: Database Configuration]`
* **Recommendation:** `[Specific steps to remediate the vulnerability. Example: Disable detailed error messages in production environments.]`
* **Evidence:** `[Provide evidence of the vulnerability, such as code snippets, request/response examples, or screenshots. Example: Example of an error message revealing sensitive information.]`
## 4. Compliance Checks
`[If the scan included compliance checks, list the results here. Specify the compliance standard being checked (e.g., PCI DSS, HIPAA, GDPR) and the status of each requirement.]`
* **Compliance Standard:** `[Specify the compliance standard. Example: PCI DSS v3.2.1]`
* **Requirement 1.1.1:** `[Description of the requirement. Example: Establish and document security policies and operating procedures.]`
* **Status:** `[Pass/Fail. Example: Pass]`
* **Details:** `[Any relevant details about the compliance check. Example: Security policies and operating procedures are documented and reviewed annually.]`
* **Requirement 2.2.2:** `[Description of the requirement. Example: Implement and maintain a firewall configuration to protect cardholder data.]`
* **Status:** `[Pass/Fail. Example: Fail]`
* **Details:** `[Any relevant details about the compliance check. Example: Firewall rules are not properly configured to restrict access to cardholder data.]`
## 5. Recommendations
`[Provide general recommendations for improving the security posture of the target. This section should include advice on secure coding practices, vulnerability management, and security awareness training. Example: Implement a secure coding lifecycle, conduct regular vulnerability scans, and provide security awareness training to developers.]`
## 6. Conclusion
`[Summarize the overall security posture of the target based on the scan results. Highlight any significant risks and reiterate the importance of addressing the identified vulnerabilities. Example: The scan identified several critical and high vulnerabilities that pose a significant risk to the application. It is crucial to address these vulnerabilities promptly to protect sensitive data and prevent potential attacks.]`
## 7. Appendix
`[Include any additional information or supporting documentation, such as links to relevant resources or detailed scan logs. Example: Links to relevant security advisories and documentation on vulnerability remediation.]`
* [Link to Security Advisories](`[Insert Link Here]`)
* [Link to Vulnerability Remediation Documentation](`[Insert Link Here]`)
* [Detailed Scan Logs (Attached Separately)]
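Review bot: the per-finding blocks in sections 3.1 through 3.4 carry no field for the scanner rule identifier, CWE mapping, or CVSS score, even though the Scan Details section names Semgrep as the underlying scanner and a report that lists "Severity" without the rule or weakness that produced it cannot be de-duplicated or tracked across scans. Suggest adding, next to `* **Vulnerability ID:**`, a line such as `* **Rule / CWE:** [Scanner rule id and CWE identifier. Example: CWE-89]` and, optionally, `* **CVSS:** [Base score and vector, if available]`, and also a triage field (`* **Status:** [Open / Fixed / False Positive]`) so the same template can be re-issued after remediation. Minor consistency point in 3.4: the Location example `config/database.php` omits the line number that the examples in 3.1 to 3.3 include.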