sca-security

Community

Identify and secure software dependencies.

Author: hardw00t
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill enables teams to rapidly identify vulnerable dependencies, verify license compliance, and assess supply-chain risks across software projects.

Core Features & Use Cases

  • Dependency scanning across npm, pip, Maven, and Go modules to surface known CVEs and license issues.
  • SBOM generation (CycloneDX/SPDX) for visibility into transitive dependencies and supply-chain risk.
  • License compliance checks and policy enforcement across ecosystems.
  • CI/CD integration to automate security checks during builds and releases.
  • Guidance and remediation workflows based on SBOM and vulnerability findings; reference material is located in references/vulnerability_databases.md and references/license_guide.md.

Quick Start

  • Install the required tools: Trivy, Grype, Syft, OWASP Dependency-Check, and the Snyk CLI, as documented in the prerequisites.
  • Generate an SBOM for your project: python3 scripts/sbom_generate.py /path/to/project
  • Run multi-ecosystem vulnerability scans: bash scripts/scan_all.sh /path/to/project
  • Check licenses: python3 scripts/license_check.py /path/to/project

Dependency Matrix

Required Modules

None required

Components

scripts, references

💻 Claude Code Installation

Recommended: let Claude install it automatically. Simply copy and paste the text below into Claude Code.

Please help me install this Skill:
Name: sca-security
Download link: https://github.com/hardw00t/ai-security-arsenal/archive/main.zip#sca-security

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
