dependency scanning AI Agent Skills
Browse 12 skills related to dependency scanning
security-scanner
Run security scans, including SAST, dependency scanning, and secret detection.
security-testing
Identify security vulnerabilities through SAST, DAST, penetration testing, and dependency scanning. Use for security test, vulnerability scanning, OWASP, SQL injection, XSS, CSRF, and penetration testing.
security-auditor
Security vulnerability scanner and OWASP compliance auditor for codebases. Dependency scanning (npm audit, pip-audit), secret detection (high-entropy strings, API keys), SAST for injection/XSS vulnerabilities, and security posture reports. Activate on 'security audit', 'vulnerability scan', 'OWASP', 'secret detection', 'dependency check', 'CVE', 'security review', 'penetration testing prep'. NOT for runtime WAF configuration (use infrastructure tools), network security/firewalls, or compliance certifications like SOC2/HIPAA (legal/organizational).
supply-chain-security
Software supply chain security guidance covering SBOM generation, SLSA framework, dependency scanning, SCA tools, and protection against supply chain attacks like dependency confusion and typosquatting.
Security Audit and Vulnerability Scanning
Comprehensive security audit workflow including dependency scanning, unsafe code detection, and secret management. Use when scanning for vulnerabilities or before production deployment.
security
Security auditing for code vulnerabilities (OWASP Top 10, XSS, SQL injection) and dependency scanning (pnpm audit, Snyk). Use when handling user input, adding authentication, before deployments, or resolving CVEs.
application-security
OWASP Top 10 with code examples, SAST/DAST tools, dependency scanning, CSP headers, and input validation patterns. Use when hardening applications, reviewing security posture, or implementing defensive coding practices.
vibe-security
Security intelligence for code analysis. Detects SQL injection, XSS, CSRF, authentication issues, crypto failures, and more. Actions: scan, analyze, fix, audit, check, review, secure, validate, sanitize, protect. Languages: JavaScript, TypeScript, Python, PHP, Java, Go, Ruby. Frameworks: Express, Django, Flask, Laravel, Spring, Rails. Vulnerabilities: SQL injection, XSS, CSRF, authentication bypass, authorization issues, command injection, path traversal, insecure deserialization, weak crypto, sensitive data exposure. Topics: input validation, output encoding, parameterized queries, password hashing, session management, CORS, CSP, security headers, rate limiting, dependency scanning.
building-devsecops-pipeline-with-gitlab-ci
Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning, dependency scanning, and secret detection.
secure-by-default
Check for common vulnerabilities and enforce safe patterns in React Native and Next.js apps. Use for auth, input validation, secrets handling, and dependency scanning workflows.
hardening-audit
Production hardening checklist derived from the actual stack. HTTP headers, dependency scanning, secret management, input validation, error handling, CSP, CORS. Not a generic OWASP list — reasoned from the specific architecture. Use before deployment, after adding external integrations, or at phase boundaries.
hardening-audit
Production hardening checklist derived from the actual stack. HTTP headers, dependency scanning, secret management, input validation, error handling, CSP, CORS. Not a generic OWASP list — reasoned from the specific architecture. Use before deployment, after adding external integrations, or at phase boundaries.