---
name: security-scanning
description: Run security scans on code using Snyk tools to identify vulnerabilities. Use when the user asks about security issues, wants to scan code for vulnerabilities, mentions Snyk, or after generating new code.
---
# Security Scanning
Perform comprehensive security scans on codebases using Snyk tools.
## Quick Start
When the user needs security scanning:
- Determine the scan type needed
- Run the appropriate Snyk scan
- Analyze results and report findings
- Suggest remediation for any issues found
## Scan Types

### Static Application Security Testing (SAST)

For scanning first-party source code:

```
# Use snyk_code_scan for first-party code
snyk_code_scan path="/path/to/project"
```

Best for: Python, JavaScript, TypeScript, Java, Go, and other supported languages.
### Software Composition Analysis (SCA)

For scanning open-source dependencies:

```
# Use snyk_sca_scan for open-source dependencies
snyk_sca_scan path="/path/to/project"
```

Best for: Identifying vulnerable packages declared in manifests and lockfiles such as requirements.txt, package.json, etc.
### Infrastructure as Code (IaC)

For scanning cloud and cluster configuration:

```
# Use snyk_iac_scan for Terraform, CloudFormation, Kubernetes
snyk_iac_scan path="/path/to/infrastructure"
```

Best for: Terraform files, CloudFormation templates, Kubernetes manifests. Dockerfiles are not an IaC input; the image built from a Dockerfile is covered by container scanning.
### Container Scanning

For scanning Docker images (the image must already be built or pullable):

```
# Use snyk_container_scan for container images
snyk_container_scan image="image-name:tag"
```
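Choosing the scan type is the first step of the workflow, and it can be done from the files in the checkout rather than by guessing. The following is an added example (not part of this skill, and not Snyk's code) that maps a project's files to the four tool names used above. The manifest names, source suffixes and the YAML/JSON heuristics for Kubernetes and CloudFormation are assumptions for illustration, not an exhaustive list of what Snyk supports; the container scan is only listed as a reminder, because a file tree cannot name the image that must be passed to `snyk_container_scan`.

```python
"""Decide which Snyk MCP scans a project needs from the files it contains.

Added example for the "identify scope" step; not part of the skill or of Snyk.
Tool names are the ones this skill uses; the marker lists below are assumptions
and deliberately not exhaustive.
"""
from __future__ import annotations

import os
from pathlib import Path, PurePosixPath

# Manifests and lockfiles that drive an SCA scan (assumed subset).
SCA_MANIFESTS = {
    "package.json", "package-lock.json", "yarn.lock", "pnpm-lock.yaml",
    "requirements.txt", "Pipfile.lock", "poetry.lock",
    "go.mod", "pom.xml", "build.gradle", "Gemfile.lock", "Cargo.lock",
}
# First-party source extensions that justify a SAST scan (assumed subset).
CODE_SUFFIXES = {".py", ".js", ".ts", ".tsx", ".java", ".go", ".rb", ".cs", ".php"}
# Vendored or generated trees that should not influence scan selection.
SKIP_DIRS = {".git", "node_modules", "vendor", ".terraform", "dist", "build"}


def looks_like_iac(content: str) -> bool:
    """Heuristic for YAML/JSON: Kubernetes objects carry apiVersion and kind;
    CloudFormation carries AWSTemplateFormatVersion or a top-level Resources block."""
    head = content[:4096]
    is_k8s = "apiVersion:" in head and "kind:" in head
    is_cfn = ("AWSTemplateFormatVersion" in head or "Resources:" in head
              or '"Resources"' in head)
    return is_k8s or is_cfn


def plan_scans(files: dict[str, str]) -> dict[str, list[str]]:
    """Map {relative_path: content} to {snyk tool: [files that justify running it]}."""
    plan: dict[str, list[str]] = {}

    def add(tool: str, path: str) -> None:
        plan.setdefault(tool, []).append(path)

    for rel, content in sorted(files.items()):
        p = PurePosixPath(rel)
        suffix = p.suffix.lower()
        if p.name in SCA_MANIFESTS:
            add("snyk_sca_scan", rel)
        if suffix in CODE_SUFFIXES:
            add("snyk_code_scan", rel)
        if suffix in {".tf", ".tfvars"} or (
            suffix in {".yaml", ".yml", ".json"} and looks_like_iac(content)
        ):
            add("snyk_iac_scan", rel)
        if p.name == "Dockerfile" or p.name.startswith("Dockerfile.") or suffix == ".dockerfile":
            add("snyk_container_scan", rel)
    return plan


def collect_files(root: str, max_bytes: int = 4096) -> dict[str, str]:
    """Walk a checkout and read the head of each file; the heuristics only need the head."""
    out: dict[str, str] = {}
    root_path = Path(root)
    for dirpath, dirnames, filenames in os.walk(root_path):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            full = Path(dirpath) / name
            rel = full.relative_to(root_path).as_posix()
            try:
                out[rel] = full.read_bytes()[:max_bytes].decode("utf-8", errors="ignore")
            except OSError:
                continue
    return out


def render_invocations(plan: dict[str, list[str]], root: str = ".") -> list[str]:
    """Turn the plan into the tool calls used in this skill. The container scan needs
    a built image, which the file tree cannot name, so it gets a placeholder to fill in."""
    calls = []
    for tool in sorted(plan):
        if tool == "snyk_container_scan":
            calls.append('snyk_container_scan image="<image built from Dockerfile>:<tag>"')
        else:
            calls.append(f'{tool} path="{root}"')
    return calls


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for call in render_invocations(plan_scans(collect_files(target)), target):
        print(call)
```

Run it against a checkout to get the list of tool calls to issue; a GitHub Actions workflow or a docker-compose file does not trigger the IaC scan because neither matches the Kubernetes or CloudFormation markers, while a `.tf` file always does.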
## Workflow
- Identify scope: What needs scanning (code, deps, IaC, containers)?
- Run scan: Execute the appropriate Snyk tool
- Review results: Analyze severity levels (critical, high, medium, low)
- Prioritize: Focus on critical and high severity issues first
- Remediate: Fix issues and rescan to verify
## Severity Filtering

Use `severity_threshold` to filter results:

- `critical` - Only critical vulnerabilities
- `high` - High and above
- `medium` - Medium and above
- `low` - All vulnerabilities
## Post-Scan Actions
After finding issues:
- Critical/High: Attempt immediate fix if possible
- Medium: Document and plan remediation
- Low: Note for future cleanup
Always rescan after making fixes to confirm remediation.
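The review, prioritize and remediate steps of the workflow, the `severity_threshold` semantics and the post-scan buckets above can be expressed as a small triage routine. What follows is an added example (not part of this skill, and not Snyk's code). It assumes findings shaped like the `vulnerabilities` entries of Snyk CLI JSON output (fields `id`, `title`, `severity`, `packageName`, `version`, `fixedIn`, `isUpgradable`); the findings themselves are constructed placeholders, not real advisories. It also shows the rescan check: comparing the scan before and after a fix tells you what was remediated, what remains (for example a high with no fixed version yet), and what an upgrade newly introduced.

```python
"""Triage Snyk findings: apply severity_threshold, bucket by action, confirm the rescan.

Added example; not the skill's or Snyk's own code. Field names follow the
`vulnerabilities` entries of Snyk CLI JSON output (assumed); the data is constructed
and the ids/package names are placeholders, not real advisories.
"""
from __future__ import annotations

import json

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed first scan (placeholder ids and packages).
BEFORE_SCAN = [
    {"id": "example-0001", "title": "Prototype Pollution", "severity": "critical",
     "packageName": "example-utils", "version": "1.0.0", "fixedIn": ["1.0.3"], "isUpgradable": True},
    {"id": "example-0002", "title": "Regular Expression Denial of Service", "severity": "high",
     "packageName": "example-parser", "version": "2.1.0", "fixedIn": [], "isUpgradable": False},
    {"id": "example-0003", "title": "Information Exposure", "severity": "medium",
     "packageName": "example-logger", "version": "0.9.0", "fixedIn": ["0.9.1"], "isUpgradable": True},
    {"id": "example-0004", "title": "Insecure Defaults", "severity": "low",
     "packageName": "example-config", "version": "3.0.0", "fixedIn": ["3.1.0"], "isUpgradable": True},
]
# Constructed rescan after upgrading example-utils: the critical is gone, the ReDoS
# has no fixed version so it remains, and the upgrade pulled in a new medium finding.
AFTER_SCAN = [
    BEFORE_SCAN[1], BEFORE_SCAN[2], BEFORE_SCAN[3],
    {"id": "example-0005", "title": "Open Redirect", "severity": "medium",
     "packageName": "example-router", "version": "5.2.0", "fixedIn": ["5.2.1"], "isUpgradable": True},
]


def apply_threshold(findings: list[dict], severity_threshold: str = "low") -> list[dict]:
    """Keep findings at or above the threshold: critical -> critical only,
    high -> high and critical, medium -> medium and above, low -> everything.
    A severity the table does not know is kept rather than silently dropped."""
    if severity_threshold not in SEVERITY_RANK:
        raise ValueError(f"unknown severity_threshold {severity_threshold!r}; "
                         f"expected one of {sorted(SEVERITY_RANK)}")
    floor = SEVERITY_RANK[severity_threshold]
    top = max(SEVERITY_RANK.values())
    return [f for f in findings if SEVERITY_RANK.get(f["severity"], top) >= floor]


def plan_actions(findings: list[dict]) -> dict[str, list[dict]]:
    """Bucket findings per the post-scan policy: critical/high -> fix_now,
    medium -> plan, low -> backlog; highest severity first inside each bucket.
    Unknown severities land in fix_now so they get a human look."""
    ordered = sorted(findings, key=lambda f: SEVERITY_RANK.get(f["severity"], 99), reverse=True)
    buckets: dict[str, list[dict]] = {"fix_now": [], "plan": [], "backlog": []}
    for f in ordered:
        if f.get("fixedIn"):
            remediation = f"upgrade {f['packageName']} {f['version']} -> {f['fixedIn'][0]}"
        else:
            remediation = "no fixed version yet: mitigate, pin, or record a risk acceptance"
        entry = {"id": f["id"], "severity": f["severity"], "remediation": remediation}
        if f["severity"] == "medium":
            buckets["plan"].append(entry)
        elif f["severity"] == "low":
            buckets["backlog"].append(entry)
        else:
            buckets["fix_now"].append(entry)
    return buckets


def verify_rescan(before: list[dict], after: list[dict]) -> dict[str, list[tuple[str, str]]]:
    """Compare two scans by (id, packageName): remediated, still present, newly introduced.
    Keying on (id, package) means the same advisory via several paths counts once."""
    key = lambda f: (f["id"], f["packageName"])  # noqa: E731
    b, a = {key(f) for f in before}, {key(f) for f in after}
    return {"remediated": sorted(b - a), "remaining": sorted(b & a), "introduced": sorted(a - b)}


if __name__ == "__main__":
    actionable = apply_threshold(BEFORE_SCAN, "medium")
    print(json.dumps(plan_actions(actionable), indent=2))
    print(json.dumps(verify_rescan(BEFORE_SCAN, AFTER_SCAN), indent=2))
```

Feed the routine the parsed result of the SCA scan and again after applying the fix; a non-empty `remaining` or `introduced` list is the signal that the remediation step is not done, which is why the rescan is never optional.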