tessl install https://github.com/secondsky/claude-skills --skill vulnerability-scanninggithub.com/secondsky/claude-skills
Automated security scanning for dependencies, code, containers with Trivy, Snyk, npm audit. Use for CI/CD security gates, pre-deployment audits, compliance requirements, or encountering CVE detection, outdated packages, license compliance, SBOM generation errors.
Review Score
88%
Validation Score
12/16
Implementation Score
80%
Activation Score
100%
Automate security vulnerability detection across code, dependencies, and containers.
# npm audit
npm audit --audit-level=high
# Snyk
snyk test --severity-threshold=high
# Safety (Python)
safety check --full-report# Scan container image
trivy image myapp:latest --severity HIGH,CRITICAL
# Scan filesystem
trivy fs --scanners vuln,secret .name: Security Scan
on: [push, pull_request]
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
severity: 'CRITICAL,HIGH'
exit-code: '1'
- name: Run Snyk
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=high
- name: npm audit
run: npm audit --audit-level=highbandit -r src/ -ll -iiconst { execSync } = require('child_process');
function runSecurityScan() {
const results = {
npm: JSON.parse(execSync('npm audit --json').toString()),
trivy: JSON.parse(execSync('trivy fs --format json .').toString())
};
const critical = results.npm.metadata?.vulnerabilities?.critical || 0;
if (critical > 0) {
console.error(`Found ${critical} critical vulnerabilities`);
process.exit(1);
}
}