---
description: Perform comprehensive security scan and vulnerability assessment
argument-hint: [scan-type] [severity-level]
---

# Security Scan Command

Perform a comprehensive security scan and vulnerability assessment with detailed reporting.

## Context

- Scan type: $1 (dependencies|code|infrastructure|all - default: all)
- Severity level: $2 (low|medium|high|critical - default: medium)
- Current dependencies: @package.json
- Security configuration: @.securityrc

## Security Scan Process

### 1. **Dependency Scanning**

- Check for known vulnerabilities
- Validate license compliance
- Identify outdated packages
- Assess supply chain risks

### 2. **Code Analysis**

- Static Application Security Testing (SAST)
- Secret detection and credential scanning
- Code quality and security patterns
- OWASP Top 10 compliance check

### 3. **Infrastructure Security**

- Configuration security validation
- Network security assessment
- Access control verification
- Compliance framework validation

### 4. **Security Reporting**

- Vulnerability assessment report
- Risk prioritization and scoring
- Remediation recommendations
- Compliance status summary

## Security Standards

- OWASP Top 10 compliance
- Industry security best practices
- Regulatory compliance (GDPR, HIPAA, SOC 2)
- Internal security policies

## Expected Outcome

- Comprehensive security assessment report
- Prioritized vulnerability list
- Detailed remediation guidance
- Compliance status validation

## Critical Issues

If critical vulnerabilities are found:

- Immediate notification to security team
- Emergency remediation plan
- Deployment halt recommendations
- Incident response procedures