From billy-milligan
Guides security testing setups using Snyk/Trivy for dependency scans in GitHub Actions, Semgrep SAST, Gitleaks secrets scanning, OWASP ZAP DAST, SQLi/XSS test cases, and security headers validation. Use for CI/CD pipelines, vulnerability reviews, and OWASP Top 10 testing.
How this skill is triggered — by the user, by Claude, or both
Slash command
/billy-milligan:security-testing

This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
- Setting up security scanning in CI/CD pipeline
- references/dependency-scanning.md — Snyk + Trivy GitHub Actions, severity thresholds, SARIF upload
- references/semgrep-sast.md — Semgrep CI config, p/owasp-top-ten ruleset, p/nodejs + p/typescript
- references/secrets-scanning.md — Gitleaks full-history scan, custom .gitleaks.toml allowlist rules
- references/injection-test-cases.md — SQL injection payloads, response assertions, no-500 rule
- references/xss-test-cases.md — XSS payload list, stored XSS verification, content escaping checks
- references/security-headers.md — required headers test, version exposure checks, CSP validation

npx claudepluginhub rnavarych/alpha-engineer --plugin billy-milligan

Automates OWASP Top 10 vulnerability scans with Semgrep, ESLint-security, Bandit, dependency audits on JS/Python/Java codebases for security assessments and pen tests.
Integrates SAST, DAST, and SCA into CI/CD pipelines using Semgrep, Trivy, OWASP ZAP, and Gitleaks for automated security scanning.