bobmatnyc/security-scanning
universal/security/security-scanning/SKILL.md
CI security scanning: secrets, deps, SAST, triage, expiring exceptions
$ install --global
skillsauthnpx skillsauth add bobmatnyc/claude-mpm-skills security-scanningInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 30, 2026, 3:44 AM290.5s7 files scanned
SKILL.md
- name:
- security-scanning
- description:
- CI security scanning: secrets, deps, SAST, triage, expiring exceptions
- user-invocable:
- false
- disable-model-invocation:
- true
- license:
- MIT
- compatibility:
- claude-code
- version:
- 1.1.0
- category:
- universal
- author:
- Claude MPM Team
- summary:
- Baseline CI scans (secrets, deps, SAST) with triage and expiring exceptions
- tags:
- [security, scanning]
Security Scanning
Quick Start
- Secrets: fail fast; rotate on exposure.
- Dependencies: gate critical/high; automate updates.
- SAST: start high-signal; ratchet over time.
- Exceptions: require reason, owner, and expiry.
Load Next (References)
references/tooling-matrix.mdreferences/ci-workflows.mdreferences/triage-and-remediation.mdreferences/common-findings-and-fixes.mdreferences/supply-chain-and-sbom.md
Related Skills
bobmatnyc/axum
development
VerifiedTrustedCommunity
Axum (Rust) web framework patterns for production APIs: routers/extractors, state, middleware, error handling, tracing, graceful shutdown, and testing
53SKILL.mdUpdated May 19, 2026
bobmatnyc/web-performance-optimization
development
VerifiedTrustedCommunity
Optimize web performance using Core Web Vitals, modern patterns (View Transitions, Speculation Rules), and framework-specific techniques
49SKILL.mdUpdated May 30, 2026
bobmatnyc/api-documentation
development
VerifiedTrustedCommunity
Best practices for documenting APIs and code interfaces, eliminating redundant documentation guidance per agent.
49SKILL.mdUpdated May 30, 2026
bobmatnyc/api-design-patterns
development
VerifiedTrustedCommunity
Comprehensive API design patterns covering REST, GraphQL, gRPC, versioning, authentication, and modern API best practices
49SKILL.mdUpdated May 30, 2026