Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude

Appsec Tools (Page 3 of 4)

219 Claude Code skills in the Appsec Tools sub-category of Security.

219 skills · updated 2026-05-27 · showing 121–180 of 219 by quality score


Use when designing how a database keeps multiple copies of its data in agreement across nodes for availability, read scaling, and disaster recovery: the three foundational…
Automated code review and security linting integration for CI/CD pipelines using reviewdog. Aggregates findings from multiple security and quality tools (SAST, linters,…
Develop comprehensive risk management plans for collections and cultural venues including disaster preparedness, security protocols, and insurance coordination
Rust security skill for supply chain safety and memory-safe development. Use when auditing dependencies with cargo-audit, enforcing policies with cargo-deny, reviewing RUSTSEC…
Safety hooks for Claude Code — 695 pre-built hooks that prevent file deletion, credential leaks, git disasters, and token waste during autonomous AI coding sessions.
Source code vulnerability hunting (SAST). Decomposes analysis into specialized passes: map entry points, map dangerous ops, trace flows, find gaps, adversarial validation,…
Perform codebase analysis and architecture mapping as the first phase of a security assessment. Explores the tech stack, frameworks, entry points, data flows, and trust…
Static Application Security Testing orchestration and analysis. Execute Semgrep, Bandit, ESLint security plugins, CodeQL, and other SAST tools.
Python security vulnerability detection using Bandit SAST with CWE and OWASP mapping. Use when: (1) Scanning Python code for security vulnerabilities and anti-patterns, (2)…
Detect business logic vulnerabilities in a codebase using a three-phase approach: threat modeling (domain analysis and attack scenarios), batched verify (check exploitable gaps in…
Static Application Security Testing (SAST) tool setup, configuration, and custom rule creation for comprehensive security scanning across multiple programming languages.
Detect insecure file upload vulnerabilities in a codebase using a three-phase approach: discovery (find all upload sites), batched verify (check extension bypass and related…
Detect GraphQL injection vulnerabilities in a codebase using a three-phase approach: recon (confirm GraphQL usage and find unsafe operation document assembly sites), batched…
Detect hardcoded sensitive data (API keys, access tokens, private keys, passwords, etc.) in publicly accessible code — frontend JavaScript, mobile apps, client-side bundles, and…
Multi-language static application security testing using Horusec with support for 18+ programming languages and 20+ security analysis tools.
Detect missing authentication and broken function-level authorization vulnerabilities in a codebase using a three-phase approach: recon (map endpoints and the role/permission…
Detect path traversal vulnerabilities in a codebase using a three-phase approach: recon (find file-loading sinks with dynamic paths), batched verify (trace user input and…
Runs static application security testing using Semgrep rules and CodeQL queries against pull request diffs.
Detect Remote Code Execution (RCE) vulnerabilities in a codebase using a three-phase approach: recon (find dangerous execution sinks), batched verify (trace user input to sinks in…
Consolidate all SAST vulnerability results from the sast/ folder into a single final report ranked by severity and confidentiality impact.
Compiles and validates custom Semgrep SAST rules using the semgrep-core engine. Tests pattern matching against sample codebases and generates rule performance benchmarks with p/ci…
Static application security testing (SAST) using Semgrep for vulnerability detection, security code review, and secure coding guidance with OWASP and CWE framework mapping.
Detect Server-Side Template Injection (SSTI) vulnerabilities in a codebase using a three-phase approach: recon (find template rendering sites that use dynamic strings), batched…
Generates Software Bill of Materials using Syft for container images and matches components against the NVD CVE database via OSV.dev API.
Generates Software Bill of Materials using Syft and scans for CVEs with Grype. Cross-references findings against the NVD and OSV databases for comprehensive vulnerability…
Final consolidated security assessment report generator with CVSS severity and remediation roadmap
Software Composition Analysis (SCA) and container vulnerability scanning using Aqua Trivy for identifying CVE vulnerabilities in dependencies, container images, IaC…
Structure individual scenes using Scene-Sequel framework with goal-conflict-disaster beats
Tray External Scripts API. Use when the developer needs to manage custom JavaScript scripts injected into the store's storefront, including listing, registration,…
Detect secrets, credentials, and sensitive data in code and configurations. Scan git history for secrets, detect API keys, tokens, passwords, check environment files, monitor…
Guides through Trail of Bits' 5-step secure development workflow. Runs Slither scans, checks special features (upgradeability/ERC conformance/token integration), generates visual…
Securing container registry images by implementing vulnerability scanning with Trivy and Grype, enforcing image
Security audit automation including scanning, reporting, CI/CD integration and remediation tracking.
Walk a security team member through allocating a CVE for a tracking issue. Prints the ASF Vulnogram allocation URL and a CVE-ready title (the issue title stripped of…
Scan for reports that have not yet been copied into as tracking issues, present the proposed imports to the user, and — defaulting to *import unless the…
Open a tracking issue in for a security-relevant fix that has already been opened (or merged) as a public PR in , in the case where there is no inbound…
Identifies security vulnerabilities, generates structured audit reports with severity ratings, and provides actionable remediation guidance.
Security audit automation including scanning, reporting, CI/CD integration and remediation tracking.
Security testing patterns including SAST, DAST, penetration testing, and vulnerability assessment techniques.
Runs Semgrep against a codebase using official or custom rule registries and outputs a grouped report of security anti-patterns, deprecated API usage, and policy violations.
Builds custom Semgrep rules using the semgrep YAML rule syntax with metavariable-pattern, pattern-either, and taint-mode analysis.
Creates custom Semgrep SAST rules using the semgrep CLI and rule schema YAML format. Supports pattern-either, metavariable-regex, and taint-mode tracking for detecting…
Writes and deploys custom Semgrep rules using pattern, pattern-either, and metavariable-regex operators for multi-language SAST scanning.
Leverages the Semgrep OSS engine and semgrep-rules registry to perform deep static analysis across 30+ languages.
Executes Semgrep CLI with custom YAML rules and the Semgrep Registry API to detect anti-patterns, vulnerabilities, and taint tracking violations.
Generates custom Semgrep rules from natural language descriptions of vulnerability patterns. Uses semgrep --validate to verify rule syntax and semgrep --test to run against sample…
Executes Semgrep static analysis using the semgrep CLI with custom YAML rule definitions. Supports taint tracking, metavariable comparisons, and pattern-not-inside exclusions for…
Use this agent when you need deterministic static analysis security scanning using semgrep. This agent complements security-sentinel by running rule-based pattern matching to…
Runs Semgrep static analysis with custom rule packs targeting OWASP Top 10 patterns. Uses semgrep CLI with --config=auto and --sarif output for GitHub Advanced Security…
Performs SAST scanning using Semgrep CLI and Semgrep Registry rules. Detects OWASP Top 10 vulnerabilities, injection flaws, and insecure patterns with custom rule YAML authoring.
Scan codebases for security vulnerabilities and anti-patterns using Semgrep OSS rules and the Semgrep CLI. Supports custom YAML rule authoring and SARIF output for CI integration.
Runs Semgrep code and supply-chain checks with `semgrep scan`, registry rule packs, and dependency-aware findings to surface risky patterns early.
Implement Snowflake reliability patterns: replication, failover, Time Travel recovery, and application-level resilience for Snowflake integrations.
Scan your AI agents, MCP servers, and skills for security vulnerabilities from the command line. Snyk Agent Scan discovers and audits every agent component on your machine —…
Compliance expert for snyk-agent-scan — the agent skill file scanner — NOT for other Snyk CLI tools (snyk test, snyk code SAST, snyk iac, snyk container).
Snyk Agent Scan automatically discovers and scans AI agent components including MCP servers, agent skills, and agent harnesses for security vulnerabilities like prompt injections,…
Scans Docker and OCI container images for OS and application vulnerabilities using Snyk Container API.
Scans Docker images for OS and application vulnerabilities using the Snyk Container API. Generates fix PRs with upgraded base images and patched dependency versions.
Audits npm, pip, and Go module dependencies using the Snyk CLI and REST API. Generates SBOM reports and auto-patches known CVEs with version-pinned upgrade recommendations.
Performs deep dependency analysis using the Snyk CLI and REST API to detect vulnerable transitive packages. Generates fix PRs with version pinning and patch recommendations.