Commit 558d976
feat: add dependency-scanning skill for CVE/vulnerability detection
Add a new skill under plugins/advanced-security/skills/dependency-scanning/
that guides agents through scanning project dependencies for known CVEs and
security vulnerabilities using ecosystem-native audit tools.
Supported ecosystems:
- JavaScript: npm audit, yarn audit (v1 and Berry v2+), pnpm audit
- Python: pip-audit
- Rust: cargo audit
- Ruby: bundler-audit
- Go: govulncheck
- .NET: dotnet list package --vulnerable
The skill covers auto-detection of ecosystems via lock files, running the
appropriate audit command with JSON output, presenting findings grouped by
severity (critical -> high -> moderate -> low), and providing per-ecosystem
remediation commands.
Also fixes marketplace.json: spark plugin was referencing ./skills/spark
which does not exist; the correct path is ./skills/spark-app-template.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>1 parent 6fe19e8 commit 558d976
3 files changed
Lines changed: 395 additions & 2 deletions
File tree
- .github/plugin
- plugins/advanced-security
- skills/dependency-scanning
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
33 | 33 | | |
34 | 34 | | |
35 | 35 | | |
36 | | - | |
| 36 | + | |
| 37 | + | |
37 | 38 | | |
38 | 39 | | |
39 | 40 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
7 | | - | |
| 7 | + | |
8 | 8 | | |
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
| 12 | + | |
12 | 13 | | |
13 | 14 | | |
14 | 15 | | |
15 | 16 | | |
16 | 17 | | |
17 | 18 | | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
0 commit comments