asamassekou10/ship-safe-ci
claude-code-plugin/skills/ship-safe-ci/SKILL.md
Run Ship Safe in CI mode — compact output, exit codes, SARIF generation. Use when the user wants to set up CI/CD security gates or test their pipeline configuration.
$ install --global
skillsauthnpx skillsauth add asamassekou10/ship-safe ship-safe-ciInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 8:52 AM9.0s1 file scanned
SKILL.md
- name:
- ship-safe-ci
- description:
- Run Ship Safe in CI mode — compact output, exit codes, SARIF generation. Use when the user wants to set up CI/CD security gates or test their pipeline configuration.
- argument-hint:
- [path] [--threshold <score>] [--fail-on <severity>] [--sarif <file>]
Ship Safe — CI Pipeline Mode
You are helping the user set up Ship Safe as a security gate in their CI/CD pipeline.
Step 1: Run CI scan
npx ship-safe@latest ci $ARGUMENTS 2>/dev/null
Default: pass/fail based on score >= 75.
Options:
--threshold 60— custom passing score--fail-on critical— only fail on critical findings--fail-on high— fail on critical or high--sarif results.sarif— SARIF output for GitHub Code Scanning--baseline— only check new findings--json— JSON output for custom integrations--no-deps— skip dependency audit
Step 2: Interpret results
The command outputs a compact one-line summary:
[ship-safe] Score: 82/100 (B) | Findings: 12 (0C 3H 9M) | CVEs: 2 | 4.2s
[ship-safe] PASS
Or on failure:
[ship-safe] Score: 58/100 (C) | Findings: 25 (3C 8H 14M) | CVEs: 5 | 6.1s
[ship-safe] FAIL: Score 58 < threshold 75
Exit code 0 = pass, exit code 1 = fail.
Step 3: Help set up CI integration
Based on the user's CI platform, offer to create or update their workflow file:
GitHub Actions
- name: Security Scan
run: npx ship-safe@latest ci . --threshold 75 --sarif results.sarif
- name: Upload SARIF
if: always()
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
GitLab CI
security-scan:
script:
- npx ship-safe@latest ci . --threshold 75 --json > security-report.json
artifacts:
reports:
sast: security-report.json
Generic CI
npx ship-safe@latest ci . --threshold 75 || exit 1
Step 4: Suggest baseline workflow
If there are many findings:
- Create a baseline:
npx ship-safe baseline . - Use
--baselinein CI to only catch new vulnerabilities - Gradually fix baselined issues over time
Important Notes
- CI mode suppresses all spinners and color for clean log output
- The SARIF file can be uploaded to GitHub Code Scanning for inline PR annotations
- Use
--fail-on criticalfor a gradual rollout — start strict only for critical issues
Related Skills
asamassekou10/ship-safe
tools
VerifiedTrustedCommunity
Run a full security audit on this project — 16 agents scan for secrets, injections, auth bypass, SSRF, supply chain, Supabase RLS, MCP security, agentic AI, RAG poisoning, PII compliance, and more. Use when the user wants a security audit, vulnerability scan, or asks if their code is safe to ship.
420SKILL.mdUpdated Apr 16, 2026
asamassekou10/ship-safe-score
development
VerifiedTrustedCommunity
Get your project's security health score (0-100, A-F grade). Use when the user wants a quick security check or asks "is my code safe to ship?"
420SKILL.mdUpdated Apr 16, 2026
asamassekou10/ship-safe-scan
development
VerifiedTrustedCommunity
Quick scan for leaked secrets — API keys, passwords, tokens, database URLs. Use when the user wants to check for hardcoded secrets or exposed credentials.
420SKILL.mdUpdated Apr 16, 2026
asamassekou10/ship-safe-red-team
tools
VerifiedTrustedCommunity
Run a multi-agent red team scan — 16 specialized security agents scan for 80+ attack classes including injection, auth bypass, SSRF, supply chain, Supabase RLS, MCP security, agentic AI, RAG poisoning, PII compliance, and more. Use when the user wants a deep security analysis beyond just secrets.
420SKILL.mdUpdated Apr 16, 2026