Does this skill work with non-Python projects?

While some scanning tools like Bandit are Python-centric, the security checklists, encryption workflows, and general audit principles are applicable to any software project.

What security scanners are supported by this skill?

The skill integrates with popular tools including Bandit for Python static analysis, Semgrep for pattern matching, and pip-audit or safety for checking dependency vulnerabilities.

Can this skill help manage encryption keys?

Yes, it includes workflows for validating GPG and SSH keys, as well as managing secret encryption to ensure secure code signing and sensitive data handling.

How does this skill help with OWASP compliance?

It provides specific guidance and checklists for the OWASP Top 10 vulnerabilities, including injection, broken authentication, and sensitive data exposure, ensuring your code follows best practices.

Security Compliance & Scanning

Name: Security Compliance & Scanning
Author: ByronWilliamsCPA

byByronWilliamsCPA

0•

Security & Testing

Automates security audits, vulnerability scanning, and compliance validation for software development workflows.

The Security skill empowers developers to integrate robust security practices directly into their coding workflow by providing automated tools for GPG/SSH key validation, dependency vulnerability scanning, and static code analysis. It facilitates compliance with OWASP Top 10 standards through actionable checklists and specialized workflows for secret encryption and Git signing. Whether performing pre-commit checks or pre-release audits, this skill ensures that security remains a core component of the development lifecycle, identifying risks early and suggesting industry-standard mitigations.

Key Features

010 GitHub stars

02Automated vulnerability scanning with Bandit, Semgrep, and pip-audit

03Comprehensive OWASP Top 10 security audit guidance and mitigations

04Structured pre-commit and pre-release security checklists

05Secure secret management and data encryption workflows

06Validation and management of GPG/SSH keys and Git signing configurations

Use Cases

01Automating dependency vulnerability checks within a Python-based RAG pipeline

02Performing a comprehensive security audit before a production software release

03Enforcing Git commit signing and SSH key validation across a development team

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add byronwilliamscpa/rag-processor security

For use in Claude.ai and ChatGPT

Download Skill