What scanning tools does this skill support?

It provides configuration and implementation guidance for industry standards including Semgrep, CodeQL, Trivy, OWASP ZAP, Snyk, and Checkov.

Can it help with secret detection?

Yes, it prioritizes immediate detection and remediation of leaked secrets and hardcoded credentials to prevent data breaches.

Does it integrate with GitHub?

Yes, it includes specific configurations for GitHub-native security tools like Dependabot and CodeQL actions for automated pull request checks.

How does it handle container security?

It uses tools like Trivy to scan container images for OS-level vulnerabilities, filesystem flaws, and configuration errors.

Is it suitable for AI-driven security fixes?

Absolutely, it leverages AI remediation patterns to not only identify vulnerabilities but also suggest and write secure code alternatives.

Security Scanning Expert

Name: Security Scanning Expert
Author: willsigmon

bywillsigmon

•

Security & Testing

Automates comprehensive security audits and vulnerability scanning across source code, dependencies, and infrastructure.

This skill integrates expert DevSecOps practices into your development workflow, providing specialized guidance for SAST, DAST, SCA, and IaC security scanning. It empowers Claude to identify vulnerabilities in real-time, implement automated remediation using modern AI tools, and configure security pipelines with industry-standard tools like Semgrep, Trivy, and OWASP ZAP. Whether you are hardening a container, auditing Terraform configurations, or managing dependency CVEs, this skill ensures your codebase remains secure and compliant with modern security standards.

Key Features

01Static Analysis (SAST) for source code vulnerability detection

02Software Composition Analysis (SCA) to identify vulnerable dependencies

03Infrastructure as Code (IaC) security scanning for Terraform and Kubernetes

04Dynamic Analysis (DAST) for runtime security testing of web applications

05AI-powered vulnerability remediation and secure coding alternatives

067 GitHub stars

Use Cases

01Setting up automated security pipelines in CI/CD environments

02Remediating critical CVEs and secret leaks in production codebases

03Auditing container images and cloud infrastructure for misconfigurations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add willsigmon/sigstack security-scanning-expert

For use in Claude.ai and ChatGPT

Download Skill