高级安全运维工具包 | 漏洞管理、合规验证、安全编码与自动化

senior-secops by alirezarezvani/claude-skills

191 周安装量

6,700 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/alirezarezvani/claude-skills --skill senior-secops

自动化开发运维安全

🇨🇳中文介绍

高级安全运维工程师

包含漏洞管理、合规性验证、安全编码实践和安全自动化的完整安全运维工具包。

触发术语

当您遇到以下情况时使用此技能：

类别	术语
漏洞管理	CVE, CVSS, 漏洞扫描, 安全补丁, 依赖审计, npm audit, pip-audit
OWASP Top 10	注入, XSS, CSRF, 身份验证失效, 安全配置错误, 敏感数据泄露
合规性	SOC 2, PCI-DSS, HIPAA, GDPR, 合规审计, 安全控制, 访问控制
安全编码	输入验证, 输出编码, 参数化查询, 预处理语句, 净化
密钥管理	API 密钥, 密钥保险库, 环境变量, HashiCorp Vault, AWS Secrets Manager
身份验证	JWT, OAuth, MFA, 2FA, TOTP, 密码哈希, bcrypt, argon2, 会话管理

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

3. 合规性检查器

根据 SOC 2、PCI-DSS、HIPAA 和 GDPR 框架验证安全合规性。

# 检查所有框架
python scripts/compliance_checker.py /path/to/project

# 特定框架
python scripts/compliance_checker.py /path/to/project --framework soc2
python scripts/compliance_checker.py /path/to/project --framework pci-dss
python scripts/compliance_checker.py /path/to/project --framework hipaa
python scripts/compliance_checker.py /path/to/project --framework gdpr

# 导出合规性报告
python scripts/compliance_checker.py /path/to/project --json --output compliance.json

访问控制实现
静态和传输中加密
审计日志记录
身份验证强度（MFA、密码哈希）
安全文档
CI/CD 安全控制

工作流程 1：安全审计

对代码库进行完整的安全评估。

# 步骤 1：扫描代码漏洞
python scripts/security_scanner.py . --severity medium

# 步骤 2：检查依赖项漏洞
python scripts/vulnerability_assessor.py . --severity high

# 步骤 3：验证合规性控制
python scripts/compliance_checker.py . --framework all

# 步骤 4：生成综合报告
python scripts/security_scanner.py . --json --output security.json
python scripts/vulnerability_assessor.py . --json --output vulns.json
python scripts/compliance_checker.py . --json --output compliance.json

工作流程 2：CI/CD 安全门

将安全检查集成到部署流水线中。

# .github/workflows/security.yml
name: Security Scan

on:
  pull_request:
    branches: [main, develop]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Security Scanner
        run: python scripts/security_scanner.py . --severity high

      - name: Vulnerability Assessment
        run: python scripts/vulnerability_assessor.py . --severity critical

      - name: Compliance Check
        run: python scripts/compliance_checker.py . --framework soc2

工作流程 3：CVE 分类

响应影响您应用程序的新 CVE。

1. 评估 (0-2 小时)
   - 使用 vulnerability_assessor.py 识别受影响的系统
   - 检查 CVE 是否正在被主动利用
   - 根据您的环境确定 CVSS 环境评分

2. 优先级排序
   - 严重 (CVSS 9.0+, 面向互联网): 24 小时
   - 高危 (CVSS 7.0-8.9): 7 天
   - 中危 (CVSS 4.0-6.9): 30 天
   - 低危 (CVSS < 4.0): 90 天

3. 修复
   - 将受影响的依赖项更新到已修复的版本
   - 运行 security_scanner.py 以验证修复
   - 测试回归问题
   - 部署并启用增强监控

4. 验证
   - 重新运行 vulnerability_assessor.py
   - 确认不再报告 CVE
   - 记录修复操作

工作流程 4：事件响应

安全事件处理程序。

阶段 1：检测与识别 (0-15 分钟)
- 接收并确认警报
- 初始严重性评估 (SEV-1 到 SEV-4)
- 分配事件指挥官
- 建立通信渠道

阶段 2：遏制 (15-60 分钟)
- 识别受影响的系统
- 必要时进行网络隔离
- 如果凭证泄露则轮换凭证
- 保留证据（日志、内存转储）

阶段 3：根除 (1-4 小时)
- 确定根本原因
- 移除恶意软件/后门
- 修补漏洞（运行 security_scanner.py）
- 加固系统

阶段 4：恢复 (4-24 小时)
- 从干净备份恢复系统
- 使服务重新上线
- 启用增强监控
- 恢复用户访问

阶段 5：事后处理 (24-72 小时)
- 记录事件时间线
- 完成根本原因分析
- 记录经验教训
- 实施预防措施
- 交付利益相关者报告

选项	描述
`target`	要扫描的目录或文件
`--severity, -s`	最低严重性：critical, high, medium, low
`--verbose, -v`	显示正在扫描的文件
`--json`	以 JSON 格式输出结果
`--output, -o`	将结果写入文件

0: 无严重/高危发现
1: 高危严重性发现
2: 严重严重性发现

vulnerability_assessor.py

选项	描述
`target`	包含依赖文件的目录
`--severity, -s`	最低严重性：critical, high, medium, low
`--verbose, -v`	显示正在扫描的文件
`--json`	以 JSON 格式输出结果
`--output, -o`	将结果写入文件

0: 无严重/高危漏洞
1: 高危严重性漏洞
2: 严重严重性漏洞

compliance_checker.py

选项	描述
`target`	要检查的目录
`--framework, -f`	框架：soc2, pci-dss, hipaa, gdpr, all
`--verbose, -v`	显示正在运行的检查
`--json`	以 JSON 格式输出结果
`--output, -o`	将结果写入文件

0: 合规 (90%+ 分数)
1: 不合规 (50-69% 分数)
2: 关键差距 (<50% 分数)

漏洞	预防措施
A01: 访问控制失效	实施 RBAC，默认拒绝，服务器端验证权限
A02: 加密机制失效	使用 TLS 1.2+，AES-256 加密，安全的密钥管理
A03: 注入	参数化查询，输入验证，转义输出
A04: 不安全设计	威胁建模，安全设计模式，纵深防御
A05: 安全配置错误	加固指南，移除默认设置，禁用未使用的功能
A06: 易受攻击的组件	依赖项扫描，自动更新，SBOM
A07: 身份验证失效	MFA，速率限制，安全的密码存储
A08: 数据完整性失效	代码签名，完整性检查，安全的 CI/CD
A09: 安全日志记录失效	全面的审计日志，SIEM 集成，告警
A10: SSRF	URL 验证，允许列表目的地，网络分段

## 输入验证
- [ ] 在服务器端验证所有输入
- [ ] 使用允许列表而非拒绝列表
- [ ] 针对特定上下文进行净化（HTML、SQL、shell）

## 输出编码
- [ ] 为浏览器输出进行 HTML 编码
- [ ] 为 URL 进行 URL 编码
- [ ] 为脚本上下文进行 JavaScript 编码

## 身份验证
- [ ] 使用 bcrypt/argon2 处理密码
- [ ] 为敏感操作实施 MFA
- [ ] 强制执行强密码策略

## 会话管理
- [ ] 生成安全的随机会话 ID
- [ ] 设置 HttpOnly、Secure、SameSite 标志
- [ ] 实施会话超时（15 分钟空闲）

## 错误处理
- [ ] 记录带有上下文的错误（不含密钥）
- [ ] 向用户返回通用消息
- [ ] 切勿在生产环境中暴露堆栈跟踪

## 密钥管理
- [ ] 使用环境变量或密钥管理器
- [ ] 切勿将密钥提交到版本控制
- [ ] 定期轮换凭证

SOC 2 Type II 控制

控制	类别	描述
CC1	控制环境	安全策略，组织结构
CC2	沟通	安全意识，文档
CC3	风险评估	漏洞扫描，威胁建模
CC6	逻辑访问	身份验证，授权，MFA
CC7	系统操作	监控，日志记录，事件响应
CC8	变更管理	CI/CD，代码审查，部署控制

要求	描述
要求 3	保护存储的持卡人数据（静态加密）
要求 4	加密传输（TLS 1.2+）
要求 6	安全开发（输入验证，安全编码）
要求 8	强身份验证（MFA，密码策略）
要求 10	审计日志记录（所有对持卡人数据的访问）
要求 11	安全测试（SAST，DAST，渗透测试）

保障措施	要求
164.312(a)(1)	用于访问 PHI 的唯一用户标识
164.312(b)	PHI 访问的审计跟踪
164.312(c)(1)	数据完整性控制
164.312(d)	个人/实体身份验证（MFA）
164.312(e)(1)	传输加密（TLS）

条款	要求
第 25 条	隐私设计，数据最小化
第 32 条	安全措施，加密，假名化
第 33 条	违规通知（72 小时）
第 17 条	被遗忘权（数据删除）
第 20 条	数据可移植性（导出能力）

# 错误：硬编码密钥
API_KEY = "sk-1234567890abcdef"

# 正确：环境变量
import os
API_KEY = os.environ.get("API_KEY")

# 更好：密钥管理器
from your_vault_client import get_secret
API_KEY = get_secret("api/key")

# 错误：字符串拼接
query = f"SELECT * FROM users WHERE id = {user_id}"

# 正确：参数化查询
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))

// 错误：直接 innerHTML 赋值易受攻击
// 正确：使用 textContent（自动转义）
element.textContent = userInput;

// 正确：对 HTML 使用净化库
import DOMPurify from 'dompurify';
const safeHTML = DOMPurify.sanitize(userInput);

// 密码哈希
const bcrypt = require('bcrypt');
const SALT_ROUNDS = 12;

// 哈希密码
const hash = await bcrypt.hash(password, SALT_ROUNDS);

// 验证密码
const match = await bcrypt.compare(password, hash);

// Express.js 安全头
const helmet = require('helmet');
app.use(helmet());

// 或手动设置头：
app.use((req, res, next) => {
  res.setHeader('X-Content-Type-Options', 'nosniff');
  res.setHeader('X-Frame-Options', 'DENY');
  res.setHeader('X-XSS-Protection', '1; mode=block');
  res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
  res.setHeader('Content-Security-Policy', "default-src 'self'");
  next();
});

文档	描述
`references/security_standards.md`	OWASP Top 10，安全编码，身份验证，API 安全
`references/vulnerability_management_guide.md`	CVE 分类，CVSS 评分，修复工作流程
`references/compliance_requirements.md`	SOC 2，PCI-DSS，HIPAA，GDPR 要求

Snyk（依赖项扫描）
Semgrep（SAST）
CodeQL（代码分析）
Trivy（容器扫描）
OWASP ZAP（DAST）

HashiCorp Vault
AWS Secrets Manager
Azure Key Vault
1Password Secrets Automation

bcrypt, argon2（密码哈希）
jsonwebtoken（JWT）
passport.js（身份验证中间件）
speakeasy（TOTP/MFA）

日志记录与监控：

Winston, Pino（Node.js 日志记录）
Datadog, Splunk（SIEM）
PagerDuty（告警）

Vanta（SOC 2 自动化）
Drata（合规性管理）
AWS Config（配置合规性）

🇺🇸English

Senior SecOps Engineer

Complete toolkit for Security Operations including vulnerability management, compliance verification, secure coding practices, and security automation.

Trigger Terms
Core Capabilities
Workflows
Tool Reference
Security Standards
Compliance Frameworks
Best Practices

Trigger Terms

Use this skill when you encounter:

Category	Terms
Vulnerability Management	CVE, CVSS, vulnerability scan, security patch, dependency audit, npm audit, pip-audit
OWASP Top 10	injection, XSS, CSRF, broken authentication, security misconfiguration, sensitive data exposure
Compliance	SOC 2, PCI-DSS, HIPAA, GDPR, compliance audit, security controls, access control
Secure Coding	input validation, output encoding, parameterized queries, prepared statements, sanitization
Secrets Management	API key, secrets vault, environment variables, HashiCorp Vault, AWS Secrets Manager
Authentication	JWT, OAuth, MFA, 2FA, TOTP, password hashing, bcrypt, argon2, session management
Security Testing	SAST, DAST, penetration test, security scan, Snyk, Semgrep, CodeQL, Trivy
Incident Response	security incident, breach notification, incident response, forensics, containment
Network Security	TLS, HTTPS, HSTS, CSP, CORS, security headers, firewall rules, WAF
Infrastructure Security	container security, Kubernetes security, IAM, least privilege, zero trust
Cryptography	encryption at rest, encryption in transit, AES-256, RSA, key management, KMS
Monitoring	security monitoring, SIEM, audit logging, intrusion detection, anomaly detection

Core Capabilities

1. Security Scanner

Scan source code for security vulnerabilities including hardcoded secrets, SQL injection, XSS, command injection, and path traversal.

# Scan project for security issues
python scripts/security_scanner.py /path/to/project

# Filter by severity
python scripts/security_scanner.py /path/to/project --severity high

# JSON output for CI/CD
python scripts/security_scanner.py /path/to/project --json --output report.json

Detects:

Hardcoded secrets (API keys, passwords, AWS credentials, GitHub tokens, private keys)
SQL injection patterns (string concatenation, f-strings, template literals)
XSS vulnerabilities (innerHTML assignment, unsafe DOM manipulation, React unsafe patterns)
Command injection (shell=True, exec, eval with user input)
Path traversal (file operations with user input)

2. Vulnerability Assessor

Scan dependencies for known CVEs across npm, Python, and Go ecosystems.

# Assess project dependencies
python scripts/vulnerability_assessor.py /path/to/project

# Critical/high only
python scripts/vulnerability_assessor.py /path/to/project --severity high

# Export vulnerability report
python scripts/vulnerability_assessor.py /path/to/project --json --output vulns.json

Scans:

package.json and package-lock.json (npm)
requirements.txt and pyproject.toml (Python)
go.mod (Go)

Output:

CVE IDs with CVSS scores
Affected package versions
Fixed versions for remediation
Overall risk score (0-100)

3. Compliance Checker

Verify security compliance against SOC 2, PCI-DSS, HIPAA, and GDPR frameworks.

# Check all frameworks
python scripts/compliance_checker.py /path/to/project

# Specific framework
python scripts/compliance_checker.py /path/to/project --framework soc2
python scripts/compliance_checker.py /path/to/project --framework pci-dss
python scripts/compliance_checker.py /path/to/project --framework hipaa
python scripts/compliance_checker.py /path/to/project --framework gdpr

# Export compliance report
python scripts/compliance_checker.py /path/to/project --json --output compliance.json

Verifies:

Access control implementation
Encryption at rest and in transit
Audit logging
Authentication strength (MFA, password hashing)
Security documentation
CI/CD security controls

Workflows

Workflow 1: Security Audit

Complete security assessment of a codebase.

# Step 1: Scan for code vulnerabilities
python scripts/security_scanner.py . --severity medium

# Step 2: Check dependency vulnerabilities
python scripts/vulnerability_assessor.py . --severity high

# Step 3: Verify compliance controls
python scripts/compliance_checker.py . --framework all

# Step 4: Generate combined report
python scripts/security_scanner.py . --json --output security.json
python scripts/vulnerability_assessor.py . --json --output vulns.json
python scripts/compliance_checker.py . --json --output compliance.json

Workflow 2: CI/CD Security Gate

Integrate security checks into deployment pipeline.

# .github/workflows/security.yml
name: Security Scan

on:
  pull_request:
    branches: [main, develop]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Security Scanner
        run: python scripts/security_scanner.py . --severity high

      - name: Vulnerability Assessment
        run: python scripts/vulnerability_assessor.py . --severity critical

      - name: Compliance Check
        run: python scripts/compliance_checker.py . --framework soc2

Workflow 3: CVE Triage

Respond to a new CVE affecting your application.

1. ASSESS (0-2 hours)
   - Identify affected systems using vulnerability_assessor.py
   - Check if CVE is being actively exploited
   - Determine CVSS environmental score for your context

2. PRIORITIZE
   - Critical (CVSS 9.0+, internet-facing): 24 hours
   - High (CVSS 7.0-8.9): 7 days
   - Medium (CVSS 4.0-6.9): 30 days
   - Low (CVSS < 4.0): 90 days

3. REMEDIATE
   - Update affected dependency to fixed version
   - Run security_scanner.py to verify fix
   - Test for regressions
   - Deploy with enhanced monitoring

4. VERIFY
   - Re-run vulnerability_assessor.py
   - Confirm CVE no longer reported
   - Document remediation actions

Workflow 4: Incident Response

Security incident handling procedure.

PHASE 1: DETECT & IDENTIFY (0-15 min)
- Alert received and acknowledged
- Initial severity assessment (SEV-1 to SEV-4)
- Incident commander assigned
- Communication channel established

PHASE 2: CONTAIN (15-60 min)
- Affected systems identified
- Network isolation if needed
- Credentials rotated if compromised
- Preserve evidence (logs, memory dumps)

PHASE 3: ERADICATE (1-4 hours)
- Root cause identified
- Malware/backdoors removed
- Vulnerabilities patched (run security_scanner.py)
- Systems hardened

PHASE 4: RECOVER (4-24 hours)
- Systems restored from clean backup
- Services brought back online
- Enhanced monitoring enabled
- User access restored

PHASE 5: POST-INCIDENT (24-72 hours)
- Incident timeline documented
- Root cause analysis complete
- Lessons learned documented
- Preventive measures implemented
- Stakeholder report delivered

Tool Reference

security_scanner.py

Option	Description
`target`	Directory or file to scan
`--severity, -s`	Minimum severity: critical, high, medium, low
`--verbose, -v`	Show files as they're scanned
`--json`	Output results as JSON
`--output, -o`	Write results to file

Exit Codes:

0: No critical/high findings
1: High severity findings
2: Critical severity findings

vulnerability_assessor.py

Option	Description
`target`	Directory containing dependency files
`--severity, -s`	Minimum severity: critical, high, medium, low
`--verbose, -v`	Show files as they're scanned
`--json`	Output results as JSON
`--output, -o`	Write results to file

Exit Codes:

0: No critical/high vulnerabilities
1: High severity vulnerabilities
2: Critical severity vulnerabilities

compliance_checker.py

Option	Description
`target`	Directory to check
`--framework, -f`	Framework: soc2, pci-dss, hipaa, gdpr, all
`--verbose, -v`	Show checks as they run
`--json`	Output results as JSON
`--output, -o`	Write results to file

Exit Codes:

0: Compliant (90%+ score)
1: Non-compliant (50-69% score)
2: Critical gaps (<50% score)

Security Standards

OWASP Top 10 Prevention

Vulnerability	Prevention
A01: Broken Access Control	Implement RBAC, deny by default, validate permissions server-side
A02: Cryptographic Failures	Use TLS 1.2+, AES-256 encryption, secure key management
A03: Injection	Parameterized queries, input validation, escape output
A04: Insecure Design	Threat modeling, secure design patterns, defense in depth
A05: Security Misconfiguration	Hardening guides, remove defaults, disable unused features
A06: Vulnerable Components	Dependency scanning, automated updates, SBOM
A07: Authentication Failures	MFA, rate limiting, secure password storage
A08: Data Integrity Failures	Code signing, integrity checks, secure CI/CD
A09: Security Logging Failures	Comprehensive audit logs, SIEM integration, alerting

Secure Coding Checklist

## Input Validation
- [ ] Validate all input on server side
- [ ] Use allowlists over denylists
- [ ] Sanitize for specific context (HTML, SQL, shell)

## Output Encoding
- [ ] HTML encode for browser output
- [ ] URL encode for URLs
- [ ] JavaScript encode for script contexts

## Authentication
- [ ] Use bcrypt/argon2 for passwords
- [ ] Implement MFA for sensitive operations
- [ ] Enforce strong password policy

## Session Management
- [ ] Generate secure random session IDs
- [ ] Set HttpOnly, Secure, SameSite flags
- [ ] Implement session timeout (15 min idle)

## Error Handling
- [ ] Log errors with context (no secrets)
- [ ] Return generic messages to users
- [ ] Never expose stack traces in production

## Secrets Management
- [ ] Use environment variables or secrets manager
- [ ] Never commit secrets to version control
- [ ] Rotate credentials regularly

Compliance Frameworks

SOC 2 Type II Controls

Control	Category	Description
CC1	Control Environment	Security policies, org structure
CC2	Communication	Security awareness, documentation
CC3	Risk Assessment	Vulnerability scanning, threat modeling
CC6	Logical Access	Authentication, authorization, MFA
CC7	System Operations	Monitoring, logging, incident response
CC8	Change Management	CI/CD, code review, deployment controls

PCI-DSS v4.0 Requirements

Requirement	Description
Req 3	Protect stored cardholder data (encryption at rest)
Req 4	Encrypt transmission (TLS 1.2+)
Req 6	Secure development (input validation, secure coding)
Req 8	Strong authentication (MFA, password policy)
Req 10	Audit logging (all access to cardholder data)
Req 11	Security testing (SAST, DAST, penetration testing)

HIPAA Security Rule

Safeguard	Requirement
164.312(a)(1)	Unique user identification for PHI access
164.312(b)	Audit trails for PHI access
164.312(c)(1)	Data integrity controls
164.312(d)	Person/entity authentication (MFA)
164.312(e)(1)	Transmission encryption (TLS)

GDPR Requirements

Article	Requirement
Art 25	Privacy by design, data minimization
Art 32	Security measures, encryption, pseudonymization
Art 33	Breach notification (72 hours)
Art 17	Right to erasure (data deletion)
Art 20	Data portability (export capability)

Best Practices

Secrets Management

# BAD: Hardcoded secret
API_KEY = "sk-1234567890abcdef"

# GOOD: Environment variable
import os
API_KEY = os.environ.get("API_KEY")

# BETTER: Secrets manager
from your_vault_client import get_secret
API_KEY = get_secret("api/key")

SQL Injection Prevention

# BAD: String concatenation
query = f"SELECT * FROM users WHERE id = {user_id}"

# GOOD: Parameterized query
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))

XSS Prevention

// BAD: Direct innerHTML assignment is vulnerable
// GOOD: Use textContent (auto-escaped)
element.textContent = userInput;

// GOOD: Use sanitization library for HTML
import DOMPurify from 'dompurify';
const safeHTML = DOMPurify.sanitize(userInput);

Authentication

// Password hashing
const bcrypt = require('bcrypt');
const SALT_ROUNDS = 12;

// Hash password
const hash = await bcrypt.hash(password, SALT_ROUNDS);

// Verify password
const match = await bcrypt.compare(password, hash);

Security Headers

// Express.js security headers
const helmet = require('helmet');
app.use(helmet());

// Or manually set headers:
app.use((req, res, next) => {
  res.setHeader('X-Content-Type-Options', 'nosniff');
  res.setHeader('X-Frame-Options', 'DENY');
  res.setHeader('X-XSS-Protection', '1; mode=block');
  res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
  res.setHeader('Content-Security-Policy', "default-src 'self'");
  next();
});

Reference Documentation

Document	Description
`references/security_standards.md`	OWASP Top 10, secure coding, authentication, API security
`references/vulnerability_management_guide.md`	CVE triage, CVSS scoring, remediation workflows
`references/compliance_requirements.md`	SOC 2, PCI-DSS, HIPAA, GDPR requirements

Tech Stack

Security Scanning:

Snyk (dependency scanning)
Semgrep (SAST)
CodeQL (code analysis)
Trivy (container scanning)
OWASP ZAP (DAST)

Secrets Management:

HashiCorp Vault
AWS Secrets Manager
Azure Key Vault
1Password Secrets Automation

Authentication:

bcrypt, argon2 (password hashing)
jsonwebtoken (JWT)
passport.js (authentication middleware)
speakeasy (TOTP/MFA)

Logging & Monitoring:

Winston, Pino (Node.js logging)
Datadog, Splunk (SIEM)
PagerDuty (alerting)

Compliance:

Vanta (SOC 2 automation)
Drata (compliance management)
AWS Config (configuration compliance)

Weekly Installs

189

Repository

alirezarezvani/…e-skills

GitHub Stars

2.8K

First Seen

Jan 20, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

claude-code159

opencode144

gemini-cli142

codex132

cursor118

github-copilot114

Azure Data Explorer (Kusto) 查询技能：KQL数据分析、日志遥测与时间序列处理

119,800 周安装

高级安全运维工具包 | 漏洞管理、合规验证、安全编码与自动化

🇨🇳中文介绍

高级安全运维工程师

目录

触发术语

相关 Skills

核心能力

1. 安全扫描器

2. 漏洞评估器

3. 合规性检查器

工作流程

工作流程 1：安全审计

工作流程 2：CI/CD 安全门

工作流程 3：CVE 分类

工作流程 4：事件响应

工具参考

security_scanner.py

vulnerability_assessor.py

compliance_checker.py

安全标准

OWASP Top 10 预防

安全编码清单

合规框架

SOC 2 Type II 控制

PCI-DSS v4.0 要求

HIPAA 安全规则

GDPR 要求

最佳实践

密钥管理

SQL 注入预防

XSS 预防

身份验证

安全头

参考文档

技术栈

🇺🇸English

Senior SecOps Engineer

Table of Contents

Trigger Terms

Core Capabilities

1. Security Scanner

2. Vulnerability Assessor

3. Compliance Checker

Workflows

Workflow 1: Security Audit

Workflow 2: CI/CD Security Gate

Workflow 3: CVE Triage

Workflow 4: Incident Response

Tool Reference

security_scanner.py

vulnerability_assessor.py

compliance_checker.py

Security Standards

OWASP Top 10 Prevention

Secure Coding Checklist

Compliance Frameworks

SOC 2 Type II Controls

PCI-DSS v4.0 Requirements

HIPAA Security Rule

GDPR Requirements

Best Practices

Secrets Management

SQL Injection Prevention

XSS Prevention

Authentication

Security Headers

Reference Documentation

Tech Stack

最新 Skills