# Security Scanning Skill
Automated security scanning pipeline: SAST, SCA, SBOM, and secrets detection.
## Tools
| Tool | Purpose | Install |
|---|---|---|
| Semgrep | SAST — static analysis | pip install semgrep |
| OWASP dependency-check | SCA — known CVEs in deps | brew install dependency-check |
| Syft | SBOM generation | brew install anchore/syft/syft |
| Grype | Vulnerability scanner (uses SBOM) | brew install anchore/grype/grype |
| detect-secrets | Secrets detection | pip install detect-secrets |
## Phase 1: SAST — Static Analysis (Semgrep)

```bash
# Run default ruleset
semgrep --config auto .
```
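In CI the useful follow-up to the command above is deciding what the findings mean for the build. The added example below is not part of this skill's own scripts: it reads the report Semgrep writes with `semgrep --config auto --json --output semgrep.json .`, sorts findings by severity, and exits non-zero only when a finding at or above a chosen severity is present (Semgrep's own `--error` flag blocks on any finding at all, which is often too noisy for a first rollout). The embedded report is a constructed sample in Semgrep's JSON shape, not real scan output, and the `fail_on` threshold is an assumption you would tune per repository. Unknown severity strings are treated as blocking so a rule with an unexpected value fails closed rather than slipping through.

```python
"""Gate a CI job on Semgrep findings by severity (added example)."""
import json
import sys
from collections import Counter

# Severities Semgrep emits in `extra.severity`, most severe first.
SEVERITY_ORDER = ["ERROR", "WARNING", "INFO"]

# Constructed sample in the shape of `semgrep --json` output (not real scan output).
SAMPLE_REPORT = {
    "results": [
        {
            "check_id": "python.lang.security.audit.exec-detected",
            "path": "app/runner.py",
            "start": {"line": 42, "col": 5},
            "extra": {"message": "Detected use of exec()", "severity": "ERROR"},
        },
        {
            "check_id": "python.lang.security.insecure-hash",
            "path": "app/tokens.py",
            "start": {"line": 17, "col": 9},
            "extra": {"message": "MD5 used for hashing", "severity": "WARNING"},
        },
        {
            "check_id": "python.lang.best-practice.open-never-closed",
            "path": "app/config.py",
            "start": {"line": 3, "col": 1},
            "extra": {"message": "File handle never closed", "severity": "INFO"},
        },
    ],
    "errors": [],
}


def load_findings(report):
    """Normalise Semgrep results into flat dicts, most severe first."""
    findings = []
    for r in report.get("results", []):
        extra = r.get("extra", {})
        sev = str(extra.get("severity", "")).upper()
        if sev not in SEVERITY_ORDER:
            sev = "ERROR"  # fail closed on a severity value we do not recognise
        findings.append({
            "severity": sev,
            "check_id": r.get("check_id", "<unknown>"),
            "path": r.get("path", "<unknown>"),
            "line": r.get("start", {}).get("line", 0),
            "message": extra.get("message", ""),
        })
    findings.sort(key=lambda f: SEVERITY_ORDER.index(f["severity"]))
    return findings


def gate(report, fail_on="ERROR"):
    """Return (exit_code, per-severity counts).

    exit_code is 1 when any finding is at or above `fail_on`, else 0.
    Scan errors (unparsed files etc.) are reported but do not block.
    """
    threshold = SEVERITY_ORDER.index(fail_on.upper())
    counts = Counter(f["severity"] for f in load_findings(report))
    blocking = sum(n for sev, n in counts.items()
                   if SEVERITY_ORDER.index(sev) <= threshold)
    return (1 if blocking else 0), dict(counts)


def main(argv):
    # Usage: python semgrep_gate.py semgrep.json [ERROR|WARNING|INFO]
    report = SAMPLE_REPORT
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    fail_on = argv[2] if len(argv) > 2 else "ERROR"

    for f in load_findings(report):
        print(f"[{f['severity']}] {f['path']}:{f['line']} {f['check_id']} - {f['message']}")
    if report.get("errors"):
        print(f"note: semgrep reported {len(report['errors'])} scan error(s); "
              "review them, some files may not have been analysed")

    code, counts = gate(report, fail_on)
    print(f"findings by severity: {counts}; blocking at {fail_on}: exit {code}")
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it after the scan with `python semgrep_gate.py semgrep.json ERROR`; raising the threshold to `WARNING` later is a one-argument change once the backlog of existing warnings has been worked down.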