dev-security
Community
Comprehensive SAST + SCA scans with AI reasoning
Author: MaxGiu67
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Provides an automated, reproducible security audit of source code and dependencies to find SAST and SCA vulnerabilities, reduce false positives, and produce actionable remediation plans so teams can safely promote code to production.
Core Features & Use Cases
- Hybrid three-layer scanning: combines deterministic SAST tools (Semgrep, Bandit, Bearer) and SCA tools (npm audit, pip-audit, OSV, retire.js) with an AI security-review layer to validate findings and detect business-logic issues.
- Unified reporting: aggregates findings into specs/technical/security-report.md with CWE/CVE mapping, severity classification, Security Score calculation, and trend comparison to prior scans.
- Remediation workflow: suggests exact dependency upgrades or code fixes, supports an isolated worktree to apply fixes, re-scans modified files, and updates changelogs when fixes pass tests.
- Use Case: run a pre-release security gate for a Node.js or Python service to ensure no critical or high vulnerabilities advance to production.
Quick Start
Run a hybrid SAST and SCA scan on the repository and generate specs/technical/security-report.md with findings and suggested remediations.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: let Claude install it automatically. Copy and paste the text below into Claude Code.
Please help me install this Skill: Name: dev-security Download link: https://github.com/MaxGiu67/plugin-MUCC/archive/main.zip#dev-security Please download this .zip file, extract it, and install it in the .claude/skills/ directory.