Scans codebase for common security vulnerabilities and posts findings to Slack for team review
---
name: code-security-scanner
description: Scans codebase for common security vulnerabilities and posts findings to Slack for team review
version: 1.0.0
author: DevTools Team
tags: [security, code-review, automation]
---

# Code Security Scanner

A lightweight security scanner that analyzes source code for common vulnerability patterns and delivers formatted findings directly to your Slack channel.

## Features

- Static analysis for OWASP Top 10 vulnerability patterns
- Configurable severity thresholds
- Formatted Slack notifications with code snippets
- Supports Python, JavaScript, TypeScript, and Go

## Setup

```bash
pip install openai slack_sdk
export SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBHOOK/URL
```

## Usage

```bash
python scripts/scan.py scan ./src --webhook $SLACK_WEBHOOK_URL
python scripts/scan.py scan ./src --webhook $SLACK_WEBHOOK_URL --min-severity high
```

## Rules Detected

- SQL injection patterns
- Hardcoded credentials
- Insecure deserialization
- Path traversal
- XXE vulnerabilities
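As an added illustration of the rule, threshold and Slack-message flow described above (this is not the project's own `scripts/scan.py`): three of the listed rules as line-oriented regexes, a severity threshold in the spirit of `--min-severity`, and the incoming-webhook payload built but not sent. The `Finding` type, the regexes and the sample source are all constructed here.

```python
import re
from collections import namedtuple

# Hypothetical detector, constructed for this example; not the project's code.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
Finding = namedtuple("Finding", "rule severity line_no snippet")

# Heuristic line regexes for three listed rule categories (constructed). They trade
# precision for simplicity (e.g. the SQL rule also fires on "+" inside a parameter tuple).
RULES = [
    ("hardcoded-credential", "high",
     re.compile(r"(?i)(password|passwd|secret|api_?key|token)\w*\s*=\s*['\"][^'\"]{4,}['\"]")),
    ("sql-injection", "critical",
     re.compile(r"\b(execute|executemany)\s*\([^\n]*(\+\s*\w|%\s*[(\w]|\.format\(|\bf['\"])")),
    ("path-traversal", "medium",
     re.compile(r"\bopen\s*\([^\n]*(request\.|argv|input\()")),
]

def scan_source(text: str, min_severity: str = "low") -> list[Finding]:
    """Return findings at or above min_severity, in line order (rule order within a line)."""
    threshold = SEVERITY_RANK[min_severity]
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        for name, sev, rx in RULES:
            if SEVERITY_RANK[sev] >= threshold and rx.search(line):
                findings.append(Finding(name, sev, no, line.strip()))
    return findings

def slack_payload(path: str, findings: list[Finding]) -> dict:
    """Build the JSON body for a Slack incoming webhook; posting it is left to the caller."""
    lines = [f"*{len(findings)} finding(s) in `{path}`*"]
    for f in findings:
        lines.append(f"• [{f.severity.upper()}] {f.rule} at line {f.line_no}: `{f.snippet}`")
    return {"text": "\n".join(lines)}

# Constructed sample input containing one instance of each rule (lines 2, 5 and 8).
SAMPLE = '''import sqlite3, sys
DB_PASSWORD = "hunter2-prod"
def lookup(conn, user):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + user + "'")
    return cur.fetchall()
def read_file():
    return open("/data/" + sys.argv[1]).read()
'''
```

Running `scan_source(SAMPLE, "high")` drops the medium path-traversal hit and keeps the other two, which is the behaviour the `--min-severity high` invocation above is meant to give.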