
meterian/security-audit

Use for dependency security audits and compliance checks. Use when auditing project dependencies for vulnerabilities, answering "is [library] [version] safe?" questions, or remediating vulnerable libraries. Also activates automatically when the user opens or modifies a manifest file (package.json, package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pom.xml, Cargo.toml, go.mod, Gemfile, composer.json, build.gradle, *.csproj, pubspec.yaml, conanfile.txt, conanfile.py, project.clj, deps.edn, Package.swift, pubspec.lock, Package.resolved, Gemfile.lock, poetry.lock, uv.lock, Cargo.lock, composer.lock).

Score: 96 (1.83x). Quality: 90% (does it follow best practices?). Impact: 99%. Average score across 8 eval scenarios. Security (by Snyk): Passed, no known issues.


evals/scenario-5/task.md

Security Audit: Java Payment Processing Service

Problem/Feature Description

A Java Spring Boot service (inputs/pom.xml) handles payment processing and must pass a PCI-DSS compliance review. Part of the compliance checklist requires a documented security audit of all third-party Maven dependencies to confirm no known CVEs are present in the production classpath.

The service has been running in production for over a year and some of the library versions were pinned at project inception. The compliance officer needs a signed-off vulnerability report before the next audit window closes.

Output Specification

Audit all Maven dependencies declared in the project and save the findings to security-report.md. The report should list each dependency, flag any known vulnerabilities with their severity and CVE identifiers, and include a summary count of vulnerable versus clean packages.

Also save the raw scan data to scan-raw.json.
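As an added illustration of the output this task asks for (not code from the skill or from the project under audit), the script below parses the dependencies declared in a pom.xml, checks each coordinate against an advisory list, and writes both security-report.md and scan-raw.json. The pom.xml content, the advisory entries, the `com.example` artifact names and the `CVE-PLACEHOLDER-*` identifiers are all constructed for the example; a real audit would take the advisory data from a scanner and would resolve the full transitive tree rather than only the declared dependencies.

```python
"""Constructed example: audit declared Maven dependencies and write the
two artifacts the task specifies (security-report.md, scan-raw.json)."""
import json
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample manifest; not the project's real inputs/pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>com.example</groupId><artifactId>demo-web</artifactId>
      <version>1.2.0</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>demo-json</artifactId>
      <version>3.0.1</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>demo-test</artifactId>
      <version>5.1.0</version><scope>test</scope></dependency>
  </dependencies>
</project>"""

# Constructed advisory feed with placeholder identifiers. In a real run this
# comes from the scanner's output, never from a hand-written list.
ADVISORIES = [
    {"group": "com.example", "artifact": "demo-web", "fixed_in": "1.3.0",
     "id": "CVE-PLACEHOLDER-1", "severity": "HIGH"},
    {"group": "com.example", "artifact": "demo-json", "fixed_in": "2.9.0",
     "id": "CVE-PLACEHOLDER-2", "severity": "CRITICAL"},
]


def parse_version(v):
    """Numeric tuple for comparison; non-numeric parts compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def parse_dependencies(pom_text):
    """Return the dependencies declared in the pom, with or without xmlns."""
    root = ET.fromstring(pom_text)
    for el in root.iter():  # strip the POM namespace so tag lookups are plain
        if isinstance(el.tag, str) and el.tag.startswith("{"):
            el.tag = el.tag.split("}", 1)[1]
    deps = []
    for d in root.findall("dependencies/dependency"):
        deps.append({"group": d.findtext("groupId", ""),
                     "artifact": d.findtext("artifactId", ""),
                     "version": d.findtext("version", ""),
                     "scope": d.findtext("scope") or "compile"})
    return deps


def scan(deps, advisories):
    """Attach every advisory whose fixed_in version is newer than the pinned one."""
    findings = []
    for dep in deps:
        hits = [a for a in advisories
                if (a["group"], a["artifact"]) == (dep["group"], dep["artifact"])
                and parse_version(dep["version"]) < parse_version(a["fixed_in"])]
        findings.append({**dep, "vulnerabilities": [
            {"id": a["id"], "severity": a["severity"], "fixed_in": a["fixed_in"]}
            for a in hits]})
    return findings


def summarize(findings):
    vulnerable = sum(1 for f in findings if f["vulnerabilities"])
    return {"total": len(findings), "vulnerable": vulnerable,
            "clean": len(findings) - vulnerable}


def render_report(findings):
    """Markdown table with one row per dependency plus the summary count."""
    s = summarize(findings)
    lines = ["# Dependency Security Report", "",
             f"Scanned {s['total']} declared dependencies: "
             f"{s['vulnerable']} vulnerable, {s['clean']} clean.", "",
             "| Dependency | Version | Scope | Status | Findings |",
             "|---|---|---|---|---|"]
    for f in findings:
        coord = f"{f['group']}:{f['artifact']}"
        if f["vulnerabilities"]:
            found = "; ".join(f"{v['id']} ({v['severity']}, fixed in {v['fixed_in']})"
                              for v in f["vulnerabilities"])
            lines.append(f"| {coord} | {f['version']} | {f['scope']} | VULNERABLE | {found} |")
        else:
            lines.append(f"| {coord} | {f['version']} | {f['scope']} | clean | - |")
    return "\n".join(lines) + "\n"


def write_outputs(pom_text, advisories, out_dir="."):
    """Write security-report.md and scan-raw.json; return the summary counts."""
    findings = scan(parse_dependencies(pom_text), advisories)
    out = Path(out_dir)
    (out / "security-report.md").write_text(render_report(findings))
    (out / "scan-raw.json").write_text(json.dumps(
        {"summary": summarize(findings), "dependencies": findings}, indent=2))
    return summarize(findings)


if __name__ == "__main__":
    print(write_outputs(SAMPLE_POM, ADVISORIES))
```

The scope column is kept on purpose: a PCI-DSS reviewer cares about the production classpath, so test-scoped dependencies should be distinguishable from runtime ones in the signed-off report. The version comparison is a plain numeric tuple and will misorder qualifiers such as `-SNAPSHOT` or `.RC1`; a production audit should rely on the scanner's own range matching rather than this simplification.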

Files: evals/, SKILL.md, tile.json