zhongwei/gh-jeremylongshore-claude-code-plugins-plus-plugins-security-vulnerability-scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ded41d735577039258a8fcc860ef418daa29177a
gh-jeremylongshore-claude-c…/commands/scan.md
Zhongwei Li ded41d7355 Initial commit
2025-11-30 08:22:46 +08:00

1.4 KiB
Raw Blame History

description, shortcut
description shortcut
Scan codebase for security vulnerabilities vuln

Vulnerability Scanner

Perform comprehensive vulnerability scanning on the current codebase to identify security issues, CVEs, and potential attack vectors.

Scan Process

  1. Code Analysis (SAST)

    • Scan for common vulnerability patterns
    • Identify insecure code practices
    • Check for hardcoded secrets
    • Analyze authentication/authorization flaws

  2. Dependency Scanning

    • Check npm/pip/composer dependencies for known CVEs
    • Identify outdated packages with security patches
    • Report transitive dependency vulnerabilities

  3. Configuration Review

    • Analyze security-sensitive configurations
    • Check for insecure defaults
    • Validate SSL/TLS settings
    • Review access control configurations

  4. Report Generation

    • Severity-based categorization (Critical, High, Medium, Low)
    • CVE identifiers and CVSS scores
    • Remediation recommendations
    • Affected files and line numbers

Output Format

Generate a structured vulnerability report with:

  • Executive summary with vulnerability counts by severity
  • Detailed findings with code snippets
  • Remediation steps for each vulnerability
  • Links to CVE databases and security advisories

Security Best Practices

  • Never expose vulnerability details in public repositories
  • Prioritize Critical and High severity issues
  • Retest after applying fixes
  • Document false positives for future scans
Reference in New Issue View Git Blame Copy Permalink