>
Vulnerability Scanning
Table of Contents
Overview
When to Use
Quick Start
Reference Guides
Best Practices
Overview
Systematically identify security vulnerabilities in applications, dependencies, and infrastructure using automated scanning tools and manual security assessments.
When to Use
Pre-deployment security checks
Continuous security monitoring
Compliance audits (PCI-DSS, SOC 2)
Dependency vulnerability detection
Container security scanning
Infrastructure security assessment
Quick Start
Minimal working example:
// scanner.js - Comprehensive vulnerability scanning
const { exec } = require("child_process");
const util = require("util");
const fs = require("fs").promises;
const execPromise = util.promisify(exec);
class VulnerabilityScanner {
constructor() {
this.results = {
dependencies: [],
code: [],
docker: [],
secrets: [],
};
}
async scanDependencies() {
console.log("Scanning dependencies with npm audit...");
try {
const { stdout } = await execPromise("npm audit --json");
const auditResults = JSON.parse(stdout);
for (const [name, advisory] of Object.entries(
// ... (see reference guides for full implementation)
Reference Guides
Detailed implementations in the references/ directory:
Guide
Contents
Node.js Vulnerability Scanner
Node.js Vulnerability Scanner
Python OWASP Scanner
Python OWASP Scanner
CI/CD Integration - GitHub Actions
CI/CD Integration - GitHub Actions
Best Practices
✅ DO
Automate scans in CI/CD
Scan dependencies regularly
Use multiple scanning tools
Set severity thresholds
Track vulnerability trends
Scan containers and images
Monitor CVE databases
Document false positives
❌ DON'T
Skip vulnerability scanning
Ignore low severity issues
Trust single scanning tool
Bypass security gates
Commit secrets to repos
1d:[don't have the plugin yet? install it then click "run inline in claude" again.