vulnerability-scanning

Automated security scanning for dependencies, code and containers with Trivy, Snyk and npm audit. Use for CI/CD security gates, pre-deployment audits and compliance requirements, or when you run into CVE detection, outdated package, license compliance or SBOM generation errors.

16 stars

Best use case

vulnerability-scanning is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using vulnerability-scanning should expect more consistent output, faster repeated execution and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/vulnerability-scanning/SKILL.md --create-dirs "https://raw.githubusercontent.com/diegosouzapw/awesome-omni-skill/main/skills/testing-security/vulnerability-scanning/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/vulnerability-scanning/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How vulnerability-scanning Compares

Feature / Agent           vulnerability-scanning   Standard Approach
Platform Support          Not specified            Limited / Varies
Context Awareness         High                     Baseline
Installation Complexity   Unknown                  N/A

SKILL.md Source

# Vulnerability Scanning

Automate security vulnerability detection across code, dependencies, and containers.

## Dependency Scanning

```bash
# npm audit
npm audit --audit-level=high

# Snyk
snyk test --severity-threshold=high

# Safety (Python)
safety check --full-report
```

## Container Scanning (Trivy)

```bash
# Scan container image
trivy image myapp:latest --severity HIGH,CRITICAL

# Scan filesystem
trivy fs --scanners vuln,secret .
```

## GitHub Actions Integration

```yaml
name: Security Scan

on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          severity: 'CRITICAL,HIGH'
          exit-code: '1'

      - name: Run Snyk
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --severity-threshold=high

      - name: npm audit
        run: npm audit --audit-level=high
```

## Code Analysis (Bandit for Python)

```bash
bandit -r src/ -ll -ii
```

## Node.js Scanner

```javascript
const { execSync } = require('child_process');

// Run a command and return its parsed JSON output even when it exits non-zero:
// npm audit exits 1 whenever it finds vulnerabilities, which would otherwise
// make execSync throw before we ever parse the report.
function runJson(cmd) {
  try {
    return JSON.parse(execSync(cmd).toString());
  } catch (err) {
    if (err.stdout) return JSON.parse(err.stdout.toString());
    throw err;
  }
}

function runSecurityScan() {
  const results = {
    npm: runJson('npm audit --json'),
    trivy: runJson('trivy fs --format json .')
  };

  const critical = results.npm.metadata?.vulnerabilities?.critical || 0;
  // Trivy emits one Results entry per scanned target; count CRITICAL findings across all of them
  const trivyCritical = (results.trivy.Results || [])
    .flatMap(r => r.Vulnerabilities || [])
    .filter(v => v.Severity === 'CRITICAL').length;

  if (critical + trivyCritical > 0) {
    console.error(`Found ${critical} critical npm and ${trivyCritical} critical Trivy vulnerabilities`);
    process.exit(1);
  }
}

runSecurityScan();
```

## Best Practices

- Integrate scanning in CI/CD pipeline
- Fail builds on high/critical findings
- Scan dependencies and containers
- Track vulnerabilities over time
- Document accepted false positives
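The scanner above stops at counting critical npm findings, and the last two best practices (tracking findings and documenting accepted false positives) are left to the reader. The following added example (not part of the original SKILL.md) shows one way to implement a single severity gate over both Trivy and npm audit JSON with an expiring allowlist for accepted findings; the two report fragments and the CVE identifiers are constructed sample data, and `SEVERITY_RANK` and the `accepted` list are assumed conventions, not a real tool's format.

```javascript
// Added example: severity gate over constructed Trivy and npm audit JSON with an allowlist.
const SEVERITY_RANK = { LOW: 1, MEDIUM: 2, HIGH: 3, CRITICAL: 4 };

// Constructed fragment in the shape of `trivy fs --format json` (real output has more fields).
const trivyReport = { Results: [{ Target: 'package-lock.json', Vulnerabilities: [
  { VulnerabilityID: 'CVE-0000-0001', PkgName: 'liba', Severity: 'CRITICAL' },
  { VulnerabilityID: 'CVE-0000-0002', PkgName: 'libb', Severity: 'MEDIUM' },
] }] };

// Constructed fragment in the shape of `npm audit --json` (npm 7+); `via` entries are
// advisory objects for direct findings or plain package names for transitive ones.
const npmReport = { vulnerabilities: {
  libc: { name: 'libc', severity: 'high', via: [{ url: 'https://example.invalid/advisory/1' }] },
} };

// Assumed allowlist format: every accepted finding carries a reason and an expiry
// date so that it is re-reviewed instead of being silenced forever.
const accepted = [
  { id: 'CVE-0000-0001', reason: 'vulnerable function is not reachable', expires: '2099-01-01' },
];

// ISO dates compare correctly as strings, so no Date parsing is needed here.
function isAccepted(id, today) {
  return accepted.some(a => a.id === id && a.expires > today);
}

// Normalise both report formats into { id, pkg, severity, source } records.
function trivyFindings(report) {
  return (report.Results || []).flatMap(r => (r.Vulnerabilities || []).map(v => ({
    id: v.VulnerabilityID, pkg: v.PkgName, severity: v.Severity.toUpperCase(), source: 'trivy' })));
}

function npmFindings(report) {
  return Object.values(report.vulnerabilities || {}).map(v => ({
    id: v.via.map(x => x.url || x).join(','), pkg: v.name, severity: v.severity.toUpperCase(), source: 'npm' }));
}

// Returns the findings at or above `threshold` that are not currently accepted; empty means the gate passes.
function gate(findings, threshold, today = new Date().toISOString().slice(0, 10)) {
  return findings.filter(f => SEVERITY_RANK[f.severity] >= SEVERITY_RANK[threshold] && !isAccepted(f.id, today));
}

const allFindings = [...trivyFindings(trivyReport), ...npmFindings(npmReport)];
const blocking = gate(allFindings, 'HIGH');
// A CI wrapper would use this as the process exit code to fail the build.
const gateExitCode = blocking.length ? 1 : 0;
if (blocking.length) {
  console.error(`Gate failed: ${blocking.map(f => `${f.source}:${f.pkg} ${f.id} (${f.severity})`).join('; ')}`);
}
```

With the sample data the accepted CRITICAL finding is skipped, the MEDIUM one is below the threshold, and the HIGH npm finding blocks the build; once the allowlist entry expires the CRITICAL finding blocks it again.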

## Tools

- Trivy (containers, filesystem)
- Snyk (dependencies, code)
- npm audit / yarn audit
- Bandit (Python)
- OWASP Dependency-Check
