@vredchenko (Owner)

Summary

Adds a new dep-vulnerability-scanner plugin that provides comprehensive dependency vulnerability scanning capabilities using industry-standard tools.

Changes

  • Plugin registration: Added plugin entry to .claude-plugin/marketplace.json
  • Plugin metadata: Created plugin.json with plugin information
  • Documentation: Added comprehensive README covering all supported tools and usage patterns
  • Commands: Implemented four main commands:
    • /vuln-scan - Auto-detect project type and run appropriate vulnerability scanner
    • /vuln-setup - Install and configure scanning tools on the system
    • /vuln-compare - Compare different scanning tools to help users choose the right one
    • /vuln-ci-workflow - Generate GitHub Actions workflows for automated scanning

Key Features

  • Multi-tool support: Integrates with Trivy, Grype, npm audit, bun audit, and pip-audit
  • Auto-detection: Automatically detects project type (Node.js, Bun, Python, etc.) and suggests appropriate scanner
  • Universal scanning: Supports both language-specific and universal vulnerability scanners
  • CI/CD integration: Provides GitHub Actions workflow templates for automated scanning
  • Installation guidance: Includes setup instructions for multiple platforms (macOS, Linux, Docker, etc.)
  • Tool comparison: Helps users understand trade-offs between different scanning approaches

Implementation Details

  • Commands are documented in separate markdown files for maintainability
  • Comprehensive README includes quick reference guides for each tool
  • Workflow templates cover single-tool and multi-scanner approaches
  • Tool selection guide helps users pick the right scanner for their use case

https://claude.ai/code/session_01YTRyLsj2WE2CvqV3pDJQN9
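The auto-detection step behind /vuln-scan, as an added example that is not the plugin's own code: it walks a project tree, maps lockfiles and a Dockerfile to the scanner the PR lists for that ecosystem, gives Bun lockfiles precedence over package-lock.json, skips vendored directories, and falls back to a universal Trivy filesystem scan when nothing is recognised. The marker table, the command lines and the constructed sample repository are assumptions of this example.

```python
"""Auto-detect which dependency scanner to run in each package directory (added example)."""
from pathlib import Path
import tempfile

# Marker file -> (ecosystem, command), in precedence order. Bun lockfiles come before
# package-lock.json because a Bun project also ships package.json but must be audited
# with `bun audit`, not `npm audit`. Table and flags are this example's assumptions.
MARKERS = [
    ("bun.lockb", "js", ["bun", "audit"]),
    ("bun.lock", "js", ["bun", "audit"]),
    ("package-lock.json", "js", ["npm", "audit", "--audit-level=high"]),
    ("requirements.txt", "python", ["pip-audit", "-r", "requirements.txt"]),
    ("Dockerfile", "container", ["trivy", "fs", "--scanners", "vuln", "."]),
]
UNIVERSAL = ["trivy", "fs", "--scanners", "vuln", "."]   # fallback when nothing matches
SKIP_DIRS = {"node_modules", ".git", ".venv", "dist", "build"}  # vendored / generated


def detect_scans(project_root):
    """Return [(relative_dir, ecosystem, command)] for every package directory found.
    Walks the whole tree so a monorepo gets one audit per package, claims each
    ecosystem at most once per directory, and skips vendored trees."""
    root = Path(project_root)
    plan = []
    for d in sorted(p for p in [root, *root.rglob("*")] if p.is_dir()):
        if any(part in SKIP_DIRS for part in d.relative_to(root).parts):
            continue
        claimed = set()
        for name, eco, cmd in MARKERS:
            if eco in claimed or not (d / name).is_file():
                continue
            claimed.add(eco)
            plan.append((d.relative_to(root).as_posix(), eco, cmd))
    return plan or [(".", "universal", UNIVERSAL)]


def build_sample_repo():
    """Constructed sample input: a throwaway monorepo mixing Python, Bun and a Dockerfile."""
    root = Path(tempfile.mkdtemp())
    (root / "Dockerfile").write_text("FROM python:3.12\n")
    (root / "api").mkdir(); (root / "api" / "requirements.txt").write_text("requests==2.31.0\n")
    (root / "web").mkdir(); (root / "web" / "package-lock.json").write_text("{}\n")
    (root / "web" / "bun.lockb").write_bytes(b"")            # Bun must win over npm here
    (root / "web" / "node_modules" / "x").mkdir(parents=True)
    (root / "web" / "node_modules" / "x" / "package-lock.json").write_text("{}\n")
    (root / "docs").mkdir()                                   # no markers at all
    return root


if __name__ == "__main__":
    for rel, eco, cmd in detect_scans(build_sample_repo()):
        print(f"{rel:6} {eco:10} {' '.join(cmd)}")
```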

Adds comprehensive plugin for dependency vulnerability scanning with:
- Trivy (universal scanner for containers, filesystems, repos)
- Grype (focused vulnerability scanner by Anchore)
- npm audit (built-in Node.js scanner with auto-fix)
- bun audit (built-in Bun.js scanner)
- pip-audit (Python scanner, supports uvx for uv users)

Commands:
- /vuln-scan: Run vulnerability scans with auto-detection
- /vuln-setup: Install and configure scanning tools
- /vuln-compare: Compare tools to choose the right one
- /vuln-ci-workflow: Generate GitHub Actions workflows

https://claude.ai/code/session_01YTRyLsj2WE2CvqV3pDJQN9