From configure-plugin
Checks and configures security scanning for dependency audits, SAST, and secrets. Supports package.json, pyproject.toml, Cargo.toml, go.mod; sets up Dependabot, CodeQL, Gitleaks.
Triggered by the user (slash command), by Claude, or both.

Slash command: `/configure-plugin:configure-security`

This skill is limited to the following tools:

Summary Claude sees in its skill listing (used to decide when to auto-load this skill): Check and configure security scanning tools for dependency audits, SAST, and secret detection.
| Use this skill when... | Use another approach when... |
|---|---|
| Setting up dependency auditing, SAST, or secret detection for a project | Running a one-off security scan (use gitleaks detect or npm audit directly) |
| Checking project compliance with security scanning standards | Reviewing code for application-level vulnerabilities (use security-audit agent) |
| Configuring Dependabot, CodeQL, or TruffleHog in CI/CD | Managing GitHub repository security settings via the web UI |
| Creating or updating a SECURITY.md policy | Writing security documentation beyond the policy template |
| Auditing which security tools are missing from a project | Investigating a specific CVE or vulnerability |
```sh
# Project manifests (language detection)
find . -maxdepth 1 \( -name 'package.json' -o -name 'pyproject.toml' -o -name 'Cargo.toml' -o -name 'go.mod' \)
# Existing security tooling
find . -maxdepth 1 -name '.gitleaks.toml'
find . -maxdepth 1 -name '.pre-commit-config.yaml'
# -name matches the basename only, so paths containing '/' are searched from .github
find .github -maxdepth 1 -type d -name 'workflows'
find .github -maxdepth 1 -name 'dependabot.yml'
find .github/workflows -maxdepth 1 -name 'codeql*'
find . -maxdepth 1 -name 'SECURITY.md'
```
Security scanning layers:

Parse from command arguments:
- `--check-only`: Report status without offering fixes
- `--fix`: Apply all fixes automatically without prompting
- `--type <type>`: Focus on a specific security type (dependencies, sast, secrets, all)

Execute this security scanning configuration check:
Verify latest versions before configuring:
Use WebSearch or WebFetch to verify current versions.
Identify project languages and existing security tools:
| Indicator | Language/Tool | Security Tools |
|---|---|---|
| package.json | JavaScript/TypeScript | npm audit, Snyk |
| pyproject.toml | Python | pip-audit, safety, bandit |
| Cargo.toml | Rust | cargo-audit, cargo-deny |
| .gitleaks.toml | gitleaks | Secret scanning |
| .github/workflows/ | GitHub Actions | CodeQL, Dependabot |
Check existing security configuration across three areas:
Dependency Auditing:
SAST Scanning:
Secret Detection:
- `.gitleaks.toml`

Print a formatted compliance report showing status for each security component across dependency auditing, SAST scanning, secret detection, and security policies.
If --check-only is set, stop here.
For the compliance report format, see REFERENCE.md.
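A POSIX sh version of the compliance check described above, added here as an example and not the skill's own code. It uses the same indicator files the skill looks for; the report wording and the per-language component choices are assumptions.

```sh
# Added example (not the skill's own code): a POSIX sh compliance check over the
# indicator files listed above. Exit status = number of missing components.
# Usage: security_check /path/to/project

# Print one report line for PATH under LABEL; count misses in $missing.
check() {  # check PATH LABEL
  if [ -e "$1" ]; then printf '  [ok]      %s\n' "$2"
  else printf '  [MISSING] %s\n' "$2"; missing=$((missing + 1)); fi
}

# Same, but the component is a tool referenced inside a config FILE.
check_grep() {  # check_grep PATTERN FILE LABEL
  if [ -f "$2" ] && grep -q "$1" "$2"; then printf '  [ok]      %s\n' "$3"
  else printf '  [MISSING] %s\n' "$3"; missing=$((missing + 1)); fi
}

security_check() {
  dir=${1:-.}
  missing=0
  # Language detection from the manifests in the indicator table.
  langs=''
  [ -f "$dir/package.json" ]   && langs="$langs js"
  [ -f "$dir/pyproject.toml" ] && langs="$langs python"
  [ -f "$dir/Cargo.toml" ]     && langs="$langs rust"
  [ -f "$dir/go.mod" ]         && langs="$langs go"
  printf 'Detected languages:%s\n' "${langs:- none}"

  printf 'Dependency auditing:\n'
  check "$dir/.github/dependabot.yml" 'Dependabot (.github/dependabot.yml)'
  case " $langs " in *' js '*)     check "$dir/.github/workflows/dependency-review.yml" 'dependency-review workflow' ;; esac
  case " $langs " in *' python '*) check_grep 'pip-audit' "$dir/pyproject.toml" 'pip-audit dev dependency' ;; esac
  case " $langs " in *' rust '*)   check "$dir/.cargo/audit.toml" 'cargo-audit config (.cargo/audit.toml)' ;; esac

  printf 'SAST scanning:\n'
  set -- "$dir"/.github/workflows/codeql*   # an unmatched glob stays literal, so check() reports it missing
  check "$1" 'CodeQL workflow (.github/workflows/codeql*)'
  case " $langs " in *' python '*) check_grep 'bandit' "$dir/pyproject.toml" 'bandit dev dependency' ;; esac

  printf 'Secret detection:\n'
  check "$dir/.gitleaks.toml" 'gitleaks config (.gitleaks.toml)'
  check_grep 'gitleaks' "$dir/.pre-commit-config.yaml" 'gitleaks hook in .pre-commit-config.yaml'

  printf 'Security policy:\n'
  check "$dir/SECURITY.md" 'SECURITY.md'

  printf '%d component(s) missing\n' "$missing"
  return "$missing"
}
```

A non-zero exit status makes the check usable as a CI gate, and the same function can be re-run after `--fix` to confirm the project is compliant.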
Based on detected language:
JavaScript/TypeScript (npm/bun):
- `package.json`
- `.github/dependabot.yml`
- `.github/workflows/dependency-review.yml`

Python (pip-audit):
- `uv add --group dev pip-audit`

Rust (cargo-audit):
- `cargo install cargo-audit --locked`
- `.cargo/audit.toml`

For complete configuration templates, see REFERENCE.md.

- `.github/workflows/codeql.yml` with detected languages
- `uv run bandit -r src/ -f json -o bandit-report.json`

For CodeQL workflow and Bandit configuration templates, see REFERENCE.md.

- `brew install gitleaks` (or `go install github.com/gitleaks/gitleaks/v8@latest`)
- `.gitleaks.toml` with project-specific allowlists
- `gitleaks detect --source .`
- `.pre-commit-config.yaml`

For gitleaks, TruffleHog, and CI workflow configuration templates, see REFERENCE.md.
Create SECURITY.md with:
For the SECURITY.md template, see REFERENCE.md.
Create comprehensive security workflow .github/workflows/security.yml with jobs for:
Schedule weekly scans in addition to push/PR triggers.
For the CI security workflow template, see REFERENCE.md.
Update `.project-standards.yaml`:

```yaml
components:
  security: "2025.1"
  security_dependency_audit: true
  security_sast: true
  security_secret_detection: true
  security_policy: true
  security_dependabot: true
```
Print a summary of all changes made across dependency auditing, SAST scanning, secret detection, security policy, and CI/CD integration. Include next steps for reviewing Dependabot PRs, CodeQL findings, and enabling private vulnerability reporting.
For the results report format, see REFERENCE.md.
| Context | Command |
|---|---|
| Quick compliance check | /configure:security --check-only |
| Auto-fix all security gaps | /configure:security --fix |
| Dependencies only | /configure:security --type dependencies |
| Secret detection only | /configure:security --type secrets |
| SAST scanning only | /configure:security --type sast |
| Verify secrets scan | gitleaks detect --source . --verbose |
| Flag | Description |
|---|---|
| `--check-only` | Report status without offering fixes |
| `--fix` | Apply all fixes automatically without prompting |
| `--type <type>` | Focus on a specific security type (dependencies, sast, secrets, all) |
- `/configure:workflows` - GitHub Actions workflow standards
- `/configure:pre-commit` - Pre-commit hook configuration
- `/configure:all` - Run all compliance checks

`npx claudepluginhub laurigates/claude-plugins --plugin configure-plugin`

Integrates SAST, DAST, and SCA into CI/CD pipelines using Semgrep, Trivy, OWASP ZAP, and Gitleaks for automated security scanning.
Integrates SAST (Semgrep), DAST (OWASP ZAP), SCA/container scanning (Trivy), and secrets detection (Gitleaks) into CI/CD pipelines using GitHub Actions, GitLab CI, or Jenkins. For DevSecOps setup and shift-left security.