一键导入
vulnerability-management
Systematic vulnerability lifecycle management with SLAs aligned with OWASP, NIST, and CIS Controls for Node.js/TypeScript
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Systematic vulnerability lifecycle management with SLAs aligned with OWASP, NIST, and CIS Controls for Node.js/TypeScript
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
C4 architecture model, security architecture, Mermaid diagrams, SECURITY_ARCHITECTURE.md, and comprehensive documentation per Hack23 Secure Development Policy
AI-augmented development controls, GitHub Copilot governance, LLM security, AI-generated code review per Hack23 Secure Development Policy
EU AI Act compliance, OWASP LLM security, responsible AI practices for parliamentary data and MCP server applications
Enforce code quality with ESLint, TypeScript strict mode, Knip unused detection, and quality gates for MCP servers
ISO 27001, NIST CSF 2.0, CIS Controls v8.1, EU CRA compliance mapping, multi-standard alignment per Hack23 ISMS policies
Contribution process with PR workflow, code review standards, commit conventions, and open source best practices
| name | vulnerability-management |
| description | Systematic vulnerability lifecycle management with SLAs aligned with OWASP, NIST, and CIS Controls for Node.js/TypeScript |
| license | Apache-2.0 |
Systematic procedures for vulnerability discovery, remediation, and tracking in TypeScript/Node.js MCP server projects.
| Severity | CVSS Score | SLA | Escalation |
|---|---|---|---|
| 🔴 Critical | 9.0-10.0 | 7 days | Immediate |
| 🟠 High | 7.0-8.9 | 30 days | Within 1 day |
| 🟡 Medium | 4.0-6.9 | 90 days | Weekly review |
| 🟢 Low | 0.1-3.9 | 180 days | Monthly review |
# Automated detection
npm audit # npm advisory check
npx knip # unused dependency detection
# + GitHub Dependabot alerts
# + CodeQL security scanning
# + GitHub secret scanning
# Create remediation branch
git checkout -b security/CVE-2024-XXXXX
# Update dependency
npm update affected-package
# or
npm install affected-package@patched-version
# Verify
npm audit
npm test
npm run build
| Framework | Controls |
|---|---|
| ISO 27001:2022 | A.8.8 - Technical Vulnerability Management |
| NIST CSF 2.0 | DE.CM-8 - Vulnerability scans performed |
| CIS Controls v8 | Control 7 - Continuous Vulnerability Management |
| OWASP Top 10 | A06 - Vulnerable and Outdated Components |
Core policies:
Supporting policies:
| Severity | CVSS | Target Fix Window |
|---|---|---|
| Critical | 9.0–10.0 | 7 days |
| High | 7.0–8.9 | 30 days |
| Medium | 4.0–6.9 | 90 days |
| Low | 0.1–3.9 | 180 days |