tenet-security

Install: `claude install-skill inceptyon-labs/tenet-skills`
# Tenet Security
> Scans the codebase for security vulnerabilities across injection, authentication, authorization, cryptography, and configuration domains.
## Purpose
This skill evaluates the security posture of the codebase by combining deterministic toolchain signals (semgrep, tflint) with targeted pattern matching for dangerous APIs, insecure defaults, missing validation, and unsafe cryptographic practices. Every finding includes a self-contained `fix_prompt` following the template in `shared/fix_prompt_template.md`.
## Language Support Matrix
```yaml
support:
  native: [typescript, javascript, python]
  tree_sitter: [go, rust, java, ruby]
  heuristic: [terraform, kotlin, swift, php, csharp, cpp, c, shell]
  config-only: [yaml, json, dockerfile]
  skip: [markdown, css]
```
## Toolchain Inputs
| File | Required | Notes |
|---|---|---|
| `.healthcheck/toolchain/semgrep.json` | No (degrade gracefully) | Primary signal for injection, auth, crypto findings |
| `.healthcheck/toolchain/tflint.json` | No (only if terraform present) | IaC security misconfigurations |
| `.healthcheck/toolchain/language-census.json` | Yes | Determines which language-specific scans to run |

If `semgrep.json` is missing, log a warning and proceed with grep-based analysis only. Set `confidence: "heuristic"` on all findings produced without semgrep backing.

If `tflint.json` is missing and terraform files exist in the census, log that terraform security checks are limited to heuristic patterns.
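
The degradation rules above can be expressed as a small planning step that runs before any scan. This is an added example, not code from the skill itself. The function names, the shape of the returned plan, and the census layout (a `languages` object keyed by language name) are assumptions made for illustration.

```python
import json
import logging
from pathlib import Path

log = logging.getLogger("tenet-security")
TOOLCHAIN = Path(".healthcheck/toolchain")


def load_json(path):
    """Return parsed JSON, or None when the file is absent."""
    if not path.is_file():
        return None
    with path.open(encoding="utf-8") as fh:
        return json.load(fh)


def plan_scan(root):
    """Apply the Toolchain Inputs rules and return the scan plan."""
    base = Path(root) / TOOLCHAIN
    census = load_json(base / "language-census.json")
    if census is None:
        # The census is the only required input: without it there is
        # no way to choose language-specific scans, so fail closed.
        raise FileNotFoundError("language-census.json is required")
    # ASSUMPTION: the census maps language names to stats under "languages".
    languages = set(census.get("languages", {}))

    plan = {"languages": sorted(languages), "confidence_override": None,
            "terraform_checks": "none", "warnings": []}

    if load_json(base / "semgrep.json") is None:
        plan["warnings"].append("semgrep.json missing: grep-based analysis only")
        # Every finding produced without semgrep backing is tagged heuristic.
        plan["confidence_override"] = "heuristic"

    if "terraform" in languages:
        if load_json(base / "tflint.json") is None:
            plan["warnings"].append(
                "tflint.json missing: terraform checks limited to heuristic patterns")
            plan["terraform_checks"] = "heuristic"
        else:
            plan["terraform_checks"] = "tflint"

    for message in plan["warnings"]:
        log.warning(message)
    return plan
```

A missing `tflint.json` produces no warning when the census lists no terraform, which matches the "only if terraform present" note in the table.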