Integrations
- Task-monitor: Real-time progress tracking
- Memory: Store and recall scan results across sessions

Commands

Command	Description
`./run.sh scan --path .`	Run all security scans
`./run.sh sast --path . --language python`	Run SAST only
`./run.sh deps --path .`	Run dependency audit only
`./run.sh secrets --path .`	Run secrets detection only
`./run.sh report --format json`	Generate scan report

Usage

# Full security scan
./run.sh scan --path /path/to/project

# SAST scan for Python
./run.sh sast --path . --language python

# Dependency audit
./run.sh deps --path .

# Secrets detection
./run.sh secrets --path .

# Store results in memory
./run.sh scan --path . --store-results

Output Format

All commands output structured JSON with:

findings: List of security issues
severity: critical/high/medium/low/info
location: File path and line number
rule_id: Scanner rule that triggered
description: Human-readable description
remediation: Suggested fix

Required Tools

Tool	Purpose	Install
semgrep	SAST	`pip install semgrep`
bandit	Python SAST	`pip install bandit`
pip-audit	Python deps	`pip install pip-audit`
gitleaks	Secrets	Binary from GitHub releases
trivy	Container scan	Binary from GitHub releases

Integration with Task-Monitor

Scans automatically register with task-monitor for progress tracking:

# View scan progress
.pi/skills/task-monitor/run.sh tui --filter security-scan

Integration with Memory

Store scan results for trend analysis:

# Store results
./run.sh scan --path . --store-results

# Recall previous scans
.pi/skills/memory/run.sh recall "security scan results"

security-scan

Security-Scan: Self-Hosted Security Scanning

Features