- Home
- Skills
- Dasien
- Claudemultiagenttemplate
- Vulnerability Scanning
vulnerability-scanning_skill
- Python
3
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill dasien/claudemultiagenttemplate --skill vulnerability-scanning- SKILL.md6.3 KB
Overview
This skill automates detection of known vulnerabilities in code, dependencies, and container images, then triages findings and prioritizes remediation. It integrates dependency scanners, SAST/DAST tools, and secret detection to produce actionable reports. The goal is to reduce risk by identifying exploitable issues and creating a clear remediation plan with priorities and status tracking.
How this skill works
The skill runs a combination of dependency scanners (npm audit, pip-audit, Snyk, OWASP Dependency-Check), SAST tools (Semgrep, Bandit, SonarQube) and optional DAST tools (OWASP ZAP) during CI/CD or scheduled scans. Results are parsed, de-duplicated, and classified by severity and exploitability. Findings are triaged into priorities (P0/P1/P2/P3) with recommended fixes, target versions, and tracking metadata for remediation.
When to use it
- Before deploying to production or releasing a build
- As part of CI/CD pipeline for every commit or PR
- During periodic security audits (weekly or monthly)
- After updating or adding dependencies
- When investigating external security alerts or CVEs
Best practices
- Fail builds on critical findings and block merges until resolved or mitigated
- Scan both application code and dependencies, plus container images if used
- Assess exploitability — confirm whether vulnerable code is reachable in your environment
- Keep scanning tools and rule sets updated to detect recent CVEs
- Document accepted risks and compensating controls with justification
Example use cases
- Run npm audit and Snyk in CI for a Node.js project and automatically open tickets for P0 findings
- Use Semgrep to detect hardcoded secrets and trigger rotation workflow for exposed credentials
- Schedule weekly dependency scans for a Python microservice and triage results into the backlog
- Scan container images for CVEs before deployment and block images with high/critical vulnerabilities
- Combine SAST and DAST for a web app to catch both code-level and runtime security issues
FAQ
Prioritize by exploitability and impact: fix critical, exploitable issues immediately; plan high severity in the current sprint; schedule medium/low in the backlog after assessing risk.
How do you reduce false positives?
Validate findings by confirming reachable code paths, reviewing proof-of-concept details, and cross-checking multiple scanners; mark and document false positives to tune rules.