snyk/commit
.cursor/skills/commit/SKILL.md
Prepare and commit code changes with full verification, pre-commit checks, and tests. Runs verification skill, fixes issues using TDD, executes all test suites, and creates atomic commits. Use when ready to commit changes, before committing, or when asked to prepare a commit.
$ install --global
skillsauthnpx skillsauth add snyk/snyk-intellij-plugin commitInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 10:44 PM17.5s1 file scanned
SKILL.md
- name:
- commit
- description:
- Prepare and commit code changes with full verification, pre-commit checks, and tests. Runs verification skill, fixes issues using TDD, executes all test suites, and creates atomic commits. Use when ready to commit changes, before committing, or when asked to prepare a commit.
Commit Workflow
Prepare, verify, and commit code changes following project standards.
Workflow Overview
Verify → Fix Issues (TDD) → Pre-commit Checks → Commit → Tests → [Push]
Quick Start Checklist
Copy and track progress:
Commit Progress:
- [ ] Step 1: Run verification skill
- [ ] Step 2: Fix issues using TDD
- [ ] Step 3: Run pre-commit checks
- [ ] Step 4: Create atomic commit
- [ ] Step 5: Run ALL test suites (3 REQUIRED):
- [ ] ./gradlew ktlintCheck spotlessApply
- [ ] ./gradlew koverXMLReport
- [ ] ./gradlew verifyPlugin
- [ ] Step 6: Push (optional, ask first)
CRITICAL: Step 5 has THREE mandatory test suites. Skipping any is FORBIDDEN.
Step 1: Run Verification Skill
Execute the verification skill to analyze code changes:
Verification Progress:
- [ ] Load project rules and standards
- [ ] Trace code paths for modified files
- [ ] Check for semantic changes
- [ ] Identify code smells
- [ ] Run security scans
- [ ] Review PR feedback (if PR exists)
Read and follow: .cursor/skills/verification/SKILL.md
Output: List of issues found, categorized by severity.
Step 2: Fix Issues Using TDD
For each issue identified by verification:
TDD Gate (MANDATORY)
Before ANY fix:
- [ ] Write failing test first
- [ ] Confirm test fails without fix
- [ ] Implement minimal fix
- [ ] Confirm test passes
Never skip TDD. Use implementation skill for complex fixes.
Issue Priority
- Security vulnerabilities - Fix immediately (except test data)
- Breaking changes - Confirm intentional, add tests
- Code smells - Fix immediately
- PR feedback - Address blockers first
Step 3: Pre-commit Checks
Run:
./gradlew ktlintCheck spotlessApply
./gradlew koverXMLReport
./gradlew verifyPlugin
Security Scans
Get absolute path first:
pwd
Then run:
snyk_sca_scanwith absolute project pathsnyk_code_scanwith absolute project path
Fix any security issues (skip test data false positives).
Step 4: Create Atomic Commit
Pre-commit Verification
- [ ] Linting clean (./gradlew ktlintCheck spotlessApply)
- [ ] Security scans clean
- [ ] No implementation plan files staged
- [ ] Documentation updated (if needed)
Commit Format
type(scope): description [XXX-XXXX]
Body explaining what and why.
Types: feat, fix, refactor, test, docs, chore, perf
Extract issue ID from branch:
git branch --show-current
Staged Files Check
# Review what will be committed
git status
git diff --staged
Never commit:
- Implementation plan files (
*_implementation_plan/) - Secrets or credentials
- Generated diagram source (commit PNGs only if needed)
Execute Commit
git add <files>
git commit -m "$(cat <<'EOF'
type(scope): description [XXX-XXXX]
Body explaining what and why.
EOF
)"
NEVER use --no-verify. NEVER amend commits.
Step 5: Run All Test Suites (After Commit, Before Push)
CRITICAL: ALL three test suites MUST be executed after commit but before push. Skipping ANY test suite is FORBIDDEN.
Execution Order
Run these commands IN ORDER and wait for each to complete:
./gradlew ktlintCheck spotlessApply
./gradlew koverXMLReport
./gradlew verifyPlugin
Test Gate Enforcement
Before proceeding to Step 6, verify:
- Did
./gradlew ktlintCheck spotlessApplycomplete with all tests passing? - Did
./gradlew koverXMLReportcomplete with all tests passing? - Did
./gradlew verifyPlugincomplete with all tests passing?
If ANY answer is "no" or "I didn't run it", STOP and run the missing tests.
Test Failure Protocol
If tests fail:
- Do not proceed to push
- Identify root cause
- Apply TDD fix (test first, then implementation)
- Create new commit with fix
- Re-run ALL test suites (not just the one that failed)
- Continue only when ALL three test suites pass
Step 6: Push (Optional)
Mandatory Test Checklist
You MUST run each test suite and check it off. Do NOT proceed to push until ALL boxes are checked:
Test Suite Checklist (ALL REQUIRED):
- [ ] ./gradlew ktlintCheck spotlessApply
- [ ] ./gradlew koverXMLReport
- [ ] ./gradlew verifyPlugin
Always ask before pushing.
If approved:
git push --set-upstream origin $(git branch --show-current)
After Push
Offer to:
- Create draft PR (if none exists)
- Update PR description (if PR exists)
- Check snyk-pr-review-bot comments
- Run
sleepfor 60s - Read and run verification skill
Command Reference
| Task | Command |
| ------------------- |----------------------------------------------------|
| Format & lint | ./gradlew ktlintCheck spotlessApply |
| Unit tests | ./gradlew test
| Integration tests | ./gradlew verifyPlugin |
| SCA scan | snyk_sca_scan with absolute path |
| Code scan | snyk_code_scan with absolute path |
| Current branch | git branch --show-current |
| Push | git push --set-upstream origin $(git branch ...) |
Red Flags (STOP)
- [ ] Tests failing
- [ ] Any test suite skipped
- [ ] Security vulnerabilities unfixed
- [ ] Implementation plan files staged
- [ ] Unresolved PR blockers
- [ ] TDD not followed for fixes
- [ ] --no-verify being considered
Related Skills
snyk/verification
development
VerifiedTrustedCommunity
Deep verification of code changes before committing. Traces code paths, detects semantic changes, identifies code smells and security issues. Reads GitHub PR reviews to propose implementation decisions. Use before commits, after implementation, or when asked to verify/review changes.
65SKILL.mdUpdated Apr 16, 2026
snyk/implementation
tools
VerifiedTrustedCommunity
Start an implementation task with proper planning, TDD workflow, and session hand-off. Use when beginning work on a Jira issue, starting a new feature, or resuming implementation work. Triggers on phrases like "start task", "begin implementation", "work on issue", or "implement feature".
65SKILL.mdUpdated Apr 16, 2026
snyk/create-implementation-plan
tools
VerifiedTrustedCommunity
Create structured implementation plans for Jira issues using the project template. Use when starting a new task, implementing a feature, when asked to create a plan, or when the implementation skill detects no existing plan.
65SKILL.mdUpdated Apr 16, 2026
snyk/commit
development
VerifiedTrustedCommunity
Prepare and commit code changes with full verification, pre-commit checks, and tests. Runs verification skill, fixes issues using TDD, executes all test suites, and creates atomic commits. Use when ready to commit changes, before committing, or when asked to prepare a commit.
65SKILL.mdUpdated Apr 16, 2026