container-security-scanner

# Container Security Scanner Skill ## Purpose Automated container image and Kubernetes security scanning to identify vulnerabilities, misconfigurations, secrets, and compliance issues in containerized environments. ## Capabilities ### Image Vulnerability Scanning - Scan container images for known CVEs using Trivy, Grype, or Anchore - Detect vulnerabilities in OS packages and application dependencies - Generate SBOM (Software Bill of Materials) in CycloneDX or SPDX format - Track vulnerability severity (Critical, High, Medium, Low) ### Dockerfile Security Analysis - Check Dockerfile best practices and security issues - Identify privileged container configurations - Detect hardcoded secrets in Dockerfiles - Verify base image security and freshness ### Kubernetes Security Scanning - Run Kubernetes CIS benchmark checks using kube-bench - Analyze pod security policies and standards - Check RBAC configurations for over-permissive access - Detect insecure network policies ### Secrets Detection - Scan images for embedded secrets and credentials - Identify API keys, tokens, and passwords in layers - Check environment variable configurations ### Image Signature Verification - Verify container image signatures using cosign - Validate image provenance and attestations - Check image registry security configurations ### Compliance Reporting - Generate compliance reports (CIS, NIST, PCI-DSS) - Map findings to compliance controls - Track remediation status and timelines ## Integrat...