zhongwei/gh-jeremylongshore-claude-code-plugins-plus-plugins-security-vulnerability-scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ded41d735577039258a8fcc860ef418daa29177a
gh-jeremylongshore-claude-c…/commands/scan.md
Zhongwei Li ded41d7355 Initial commit
2025-11-30 08:22:46 +08:00

49 lines
1.4 KiB
Markdown
Raw Blame History

---
description: Scan codebase for security vulnerabilities
shortcut: vuln
---
# Vulnerability Scanner
Perform comprehensive vulnerability scanning on the current codebase to identify security issues, CVEs, and potential attack vectors.
## Scan Process
1. **Code Analysis (SAST)**
- Scan for common vulnerability patterns
- Identify insecure code practices
- Check for hardcoded secrets
- Analyze authentication/authorization flaws
2. **Dependency Scanning**
- Check npm/pip/composer dependencies for known CVEs
- Identify outdated packages with security patches
- Report transitive dependency vulnerabilities
3. **Configuration Review**
- Analyze security-sensitive configurations
- Check for insecure defaults
- Validate SSL/TLS settings
- Review access control configurations
4. **Report Generation**
- Severity-based categorization (Critical, High, Medium, Low)
- CVE identifiers and CVSS scores
- Remediation recommendations
- Affected files and line numbers
## Output Format
Generate a structured vulnerability report with:
- Executive summary with vulnerability counts by severity
- Detailed findings with code snippets
- Remediation steps for each vulnerability
- Links to CVE databases and security advisories
## Security Best Practices
- Never expose vulnerability details in public repositories
- Prioritize Critical and High severity issues
- Retest after applying fixes
- Document false positives for future scans
Reference in New Issue View Git Blame Copy Permalink