name	security-scan
description	Comprehensive security and compliance scanning for AWS CDK projects. Use when running security audits, checking license compliance, scanning container vulnerabilities, or running aggregated SAST/IaC/secret analysis before deployment.
license	MIT
metadata	{"author":"sample-skills-for-builders","version":"1.0.0"}

Security Scan

Comprehensive AWS CDK project security and compliance scanning with multi-tool analysis.

When to Apply

Reference this skill when:

Running security audits on CDK projects
Checking license compliance
Scanning container images for vulnerabilities
Running aggregated SAST/IaC/secret analysis (via ASH)
Generating security reports for review

How It Works

IMPORTANT: All 9 steps are mandatory. Do not skip steps regardless of time constraints.

Architecture Diagram - Capture system architecture
CDK Synthesis - Generate CloudFormation templates
Viperlight Scan - Code security analysis
License Check - Dependency license compliance
Trivy Scan - Container vulnerability scanning
ASH Scan - Automated Security Helper (aggregated SAST/IaC/secret scanners)
Deployment Verification - Validate deployment readiness
Summary Report - Generate findings summary
HTML Report - Create visual report

Prerequisites

AWS CDK project
Viperlight CLI installed
Trivy CLI installed
ASH (Automated Security Helper) - installed via uvx from https://github.com/awslabs/automated-security-helper
Docker (required for ASH container mode)

Usage

# Run security scan
"Run security scan on my CDK project"
"Check this project for vulnerabilities"
"Generate security compliance report"

Output

Results saved to security-scan-results/{TIMESTAMP}/:

Raw scan outputs per tool
clean-results/ - Parsed findings
security-report.html - Visual report

Enforcement Rules

Execute ALL scan commands (no skipping)
Fix issues found (don't just comment them)
Non-interactive execution only
Continue pipeline on individual step failures

References

Security Scan

Comprehensive AWS CDK project security and compliance scanning with multi-tool analysis.

When to Apply

Reference this skill when:

Running security audits on CDK projects

Checking license compliance

Scanning container images for vulnerabilities

Running aggregated SAST/IaC/secret analysis (via ASH)

Generating security reports for review

How It Works

IMPORTANT: All 9 steps are mandatory. Do not skip steps regardless of time constraints.

Architecture Diagram - Capture system architecture

CDK Synthesis - Generate CloudFormation templates

Viperlight Scan - Code security analysis

License Check - Dependency license compliance

Trivy Scan - Container vulnerability scanning

ASH Scan - Automated Security Helper (aggregated SAST/IaC/secret scanners)

Deployment Verification - Validate deployment readiness

Summary Report - Generate findings summary

HTML Report - Create visual report

Prerequisites

AWS CDK project

Viperlight CLI installed

Trivy CLI installed

ASH (Automated Security Helper) - installed via uvx from https://github.com/awslabs/automated-security-helper

Docker (required for ASH container mode)

Usage

# Run security scan "Run security scan on my CDK project" "Check this project for vulnerabilities" "Generate security compliance report"

Output

Results saved to security-scan-results/{TIMESTAMP}/:

Raw scan outputs per tool

clean-results/ - Parsed findings

security-report.html - Visual report

Enforcement Rules

Execute ALL scan commands (no skipping)

Fix issues found (don't just comment them)

Non-interactive execution only

Continue pipeline on individual step failures

References

security-scan

Security Scan

When to Apply

How It Works

Prerequisites

Usage

Output

Enforcement Rules

References

同仓库更多 Skills

同仓库更多 Skills

Security Scan

When to Apply

How It Works

Prerequisites

Usage

Output

Enforcement Rules

References