loom-dependency-scan

Dependency Scan

Overview

This skill focuses on identifying security vulnerabilities, outdated packages, and license compliance issues in project dependencies. It covers multiple package ecosystems (JavaScript/Node.js, Python, Rust, Go, Ruby, Java, .NET, PHP) and provides remediation guidance, SBOM generation, and supply chain security analysis.

When to Use

  • Scanning dependencies for CVEs and security advisories
  • Checking for outdated or unmaintained packages
  • Generating a Software Bill of Materials (SBOM)
  • Verifying license compliance and compatibility
  • Analyzing supply chain risks and transitive dependencies
  • Setting up automated dependency updates (Dependabot, Renovate, Snyk)
  • Investigating security alerts from GitHub/GitLab
  • Auditing dependencies before production deployment

Instructions

Installs: 4
Repository: cosmix/loom
GitHub Stars: 50
First Seen: May 20, 2026