漏洞扫描工具大全：自动化安全检测，集成Trivy、Snyk、npm audit、Bandit

vulnerability-scanning by secondsky/claude-skills

78 周安装量

93 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/secondsky/claude-skills --skill vulnerability-scanning

自动化开发运维安全

🇨🇳中文介绍

漏洞扫描

自动化检测代码、依赖项和容器中的安全漏洞。

依赖项扫描

# npm audit
npm audit --audit-level=high

# Snyk
snyk test --severity-threshold=high

# Safety (Python)
safety check --full-report

容器扫描 (Trivy)

# 扫描容器镜像
trivy image myapp:latest --severity HIGH,CRITICAL

# 扫描文件系统
trivy fs --scanners vuln,secret .

GitHub Actions 集成

name: Security Scan

on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          severity: 'CRITICAL,HIGH'
          exit-code: '1'

      - name: Run Snyk
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --severity-threshold=high

      - name: npm audit
        run: npm audit --audit-level=high

代码分析 (Bandit for Python)

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

🇺🇸English

Vulnerability Scanning

Automate security vulnerability detection across code, dependencies, and containers.

Dependency Scanning

# npm audit
npm audit --audit-level=high

# Snyk
snyk test --severity-threshold=high

# Safety (Python)
safety check --full-report

Container Scanning (Trivy)

# Scan container image
trivy image myapp:latest --severity HIGH,CRITICAL

# Scan filesystem
trivy fs --scanners vuln,secret .

GitHub Actions Integration

name: Security Scan

on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          severity: 'CRITICAL,HIGH'
          exit-code: '1'

      - name: Run Snyk
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --severity-threshold=high

      - name: npm audit
        run: npm audit --audit-level=high

Code Analysis (Bandit for Python)

bandit -r src/ -ll -ii

Node.js Scanner

const { execSync } = require('child_process');

function runSecurityScan() {
  const results = {
    npm: JSON.parse(execSync('npm audit --json').toString()),
    trivy: JSON.parse(execSync('trivy fs --format json .').toString())
  };

  const critical = results.npm.metadata?.vulnerabilities?.critical || 0;
  if (critical > 0) {
    console.error(`Found ${critical} critical vulnerabilities`);
    process.exit(1);
  }
}

Best Practices

Integrate scanning in CI/CD pipeline
Fail builds on high/critical findings
Scan dependencies and containers
Track vulnerabilities over time
Document accepted false positives

Tools

Trivy (containers, filesystem)
Snyk (dependencies, code)
npm audit / yarn audit
Bandit (Python)
OWASP Dependency-Check

Weekly Installs

Repository

secondsky/claude-skills

GitHub Stars

First Seen

Jan 25, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

gemini-cli65

claude-code64

codex64

opencode64

cursor62

github-copilot61