dependency-scanner

Solid

Software Composition Analysis (SCA) and dependency vulnerability scanning. Scan npm, pip, maven, gradle dependencies. Check CVE databases, generate SBOM (CycloneDX, SPDX), identify license compliance issues, and track EPSS scores for prioritization.

Category: AI & Automation · 1,160 stars · 71 forks · Updated today · License: MIT

Quality Score: 96/100

- Stars (20%): 100
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# dependency-scanner

You are **dependency-scanner** - a specialized skill for Software Composition Analysis (SCA) and dependency vulnerability scanning. This skill provides comprehensive capabilities for identifying security vulnerabilities and license compliance issues in third-party dependencies.

## Overview

This skill enables AI-powered SCA including:

- Multi-ecosystem dependency scanning (npm, pip, maven, gradle, go, rust)
- CVE database queries (NVD, OSV, GitHub Advisory)
- SBOM generation (CycloneDX, SPDX)
- License compliance checking
- EPSS score integration for exploit prioritization
- Automated dependency update PR generation

## Prerequisites

- Package manifest files (package.json, requirements.txt, pom.xml, etc.)
- CLI tools: trivy, npm, pip, snyk (optional), grype (optional)
- Network access for CVE database queries

## Capabilities

### 1. Trivy Dependency Scanning

Universal vulnerability scanner for multiple ecosystems:

```bash
# Scan filesystem for vulnerabilities
trivy fs --scanners vuln --format json -o trivy-results.json .

# Scan specific manifest
trivy fs --scanners vuln package-lock.json

# Scan with severity filter
trivy fs --severity HIGH,CRITICAL --format json .

# Generate SBOM
trivy fs --format cyclonedx -o sbom.json .
trivy fs --format spdx-json -o sbom-spdx.json .

# Scan container image
trivy image --format json myapp:latest

# Include license information
trivy fs --scanners vuln,license --format json .

# Scan with ignore file
trivy fs --i...
```
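The "EPSS score integration for exploit prioritization" capability listed above only does anything once scanner output is joined to EPSS data, and the skill text does not show that join. The following Python is an added example, not code from the a5c-ai/babysitter skill: it flattens a Trivy JSON report (using Trivy's real `Results[].Vulnerabilities[]` field names, as produced by the `trivy fs --format json` command above), maps CVE IDs to probabilities from a FIRST EPSS API response (`https://api.first.org/data/v1/epss?cve=...`, which accepts comma-separated IDs), and ranks findings by EPSS, then severity, then whether a fixed version exists. The embedded report, the EPSS response and every CVE ID in them are constructed for the demo, and the `urgent` rule (EPSS at or above 0.1, or CRITICAL regardless of EPSS) is an assumed triage policy, not a standard.

```python
"""Join Trivy JSON vulnerability output with FIRST EPSS scores and rank findings.

Added example for EPSS-driven triage; not part of the dependency-scanner skill.
"""
from __future__ import annotations

import json
from typing import Any

# Trivy's severity labels, ordered for use as a secondary sort key.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "UNKNOWN": 0}

# Real FIRST EPSS endpoint; the 'cve' parameter takes a comma-separated list.
EPSS_API = "https://api.first.org/data/v1/epss"


def load_report(path: str) -> dict[str, Any]:
    """Load a report written by e.g. `trivy fs --format json -o trivy-results.json .`."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def epss_query_url(cve_ids: list[str]) -> str:
    """Build one batched EPSS lookup URL for a set of CVE IDs (deduplicated, sorted)."""
    return f"{EPSS_API}?cve={','.join(sorted(set(cve_ids)))}"


def parse_epss_response(payload: dict[str, Any]) -> dict[str, float]:
    """Map CVE -> EPSS probability from the API's {"data": [{"cve": .., "epss": ".."}]} body."""
    return {row["cve"]: float(row["epss"]) for row in payload.get("data", [])}


def flatten_trivy(report: dict[str, Any]) -> list[dict[str, Any]]:
    """Turn Trivy's Results[].Vulnerabilities[] into one flat record per finding."""
    findings = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:  # key is absent when clean
            findings.append({
                "cve": vuln["VulnerabilityID"],
                "target": result.get("Target", ""),
                "pkg": vuln["PkgName"],
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": vuln.get("FixedVersion", ""),
                "severity": vuln.get("Severity", "UNKNOWN").upper(),
            })
    return findings


def prioritize(report: dict[str, Any], epss: dict[str, float],
               epss_threshold: float = 0.1) -> list[dict[str, Any]]:
    """Rank findings by EPSS (desc), then severity (desc), then fix availability.

    A finding is 'urgent' if its EPSS meets the threshold or it is CRITICAL; the
    CRITICAL clause keeps unscored criticals from being demoted. IDs without an
    EPSS entry (e.g. GHSA-only advisories) keep epss=None rather than a fake 0.
    """
    ranked = []
    for finding in flatten_trivy(report):
        score = epss.get(finding["cve"])
        finding["epss"] = score
        finding["urgent"] = (score is not None and score >= epss_threshold) \
            or finding["severity"] == "CRITICAL"
        ranked.append(finding)
    ranked.sort(key=lambda f: (-(f["epss"] or 0.0),
                               -SEVERITY_RANK.get(f["severity"], 0),
                               f["fixed"] == ""))  # fix available sorts first
    return ranked


# Constructed Trivy-style report: synthetic CVE/GHSA IDs and package names, not real advisories.
SAMPLE_REPORT = {
    "SchemaVersion": 2,
    "Results": [
        {"Target": "package-lock.json", "Type": "npm", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-1001", "PkgName": "left-pad-ish",
             "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "MEDIUM"},
            {"VulnerabilityID": "CVE-0000-1002", "PkgName": "yaml-thing",
             "InstalledVersion": "2.1.0", "FixedVersion": "", "Severity": "CRITICAL"},
        ]},
        {"Target": "requirements.txt", "Type": "pip", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-1003", "PkgName": "webframe",
             "InstalledVersion": "3.2.0", "FixedVersion": "3.2.5", "Severity": "HIGH"},
            {"VulnerabilityID": "GHSA-xxxx-yyyy-zzzz", "PkgName": "tinylib",
             "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "LOW"},
        ]},
    ],
}

# Constructed EPSS API response in the real API's shape; probabilities are made up.
SAMPLE_EPSS_RESPONSE = {"status": "OK", "data": [
    {"cve": "CVE-0000-1001", "epss": "0.912", "percentile": "0.998"},
    {"cve": "CVE-0000-1002", "epss": "0.004", "percentile": "0.350"},
    {"cve": "CVE-0000-1003", "epss": "0.150", "percentile": "0.950"},
]}


if __name__ == "__main__":
    for f in prioritize(SAMPLE_REPORT, parse_epss_response(SAMPLE_EPSS_RESPONSE)):
        score = "n/a" if f["epss"] is None else f"{f['epss']:.3f}"
        print(f"{'URGENT' if f['urgent'] else '      '} {f['cve']:<20} {f['severity']:<8} "
              f"epss={score:<6} {f['pkg']} {f['installed']} -> {f['fixed'] or 'no fix'} ({f['target']})")
```

Run stand-alone it prints the ranked table; in a pipeline, feed `load_report("trivy-results.json")` and the parsed body of `epss_query_url(...)` into `prioritize`. Two things the join makes visible: a MEDIUM with a high EPSS outranks a CRITICAL with a negligible one, which is the point of EPSS-driven triage, and advisories that have no CVE ID (Trivy reports GHSA IDs for some npm findings) get no EPSS score at all, so they sort after scored findings with `epss: None` rather than disappearing behind a false zero; a reviewer still has to look at those by severity.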

Details

Author: a5c-ai
Repository: a5c-ai/babysitter
Created: 4 months ago
Last Updated: today
Language: JavaScript
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

security-scanning-security-dependencies

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across multiple ecosystems to identify vulnerabilities, assess risks, and provide automated remediation strategies.

39,350 Updated today
sickn33
AI & Automation Featured

performing-sca-dependency-scanning-with-snyk

This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source dependencies in CI/CD pipelines. It addresses scanning package manifests and lockfiles, automated fix pull request generation, license compliance checking, continuous monitoring of deployed applications, and integration with GitHub, GitLab, and Jenkins pipelines.

13,115 Updated today
mukul975
DevOps & Infrastructure Listed

security-scanning-security-dependencies

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.

335 Updated today
aiskillstore
AI & Automation Solid

dependency-management-deps-audit

You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.

39,350 Updated today
sickn33
AI & Automation Listed

dependency-management-deps-audit

You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.

335 Updated today
aiskillstore