general-security-audit
// Workflow for auditing security vulnerabilities using trivy, osv-scanner, and trunk.
| Field | Value |
|---|---|
| name | general-security-audit |
| description | Workflow for auditing security vulnerabilities using trivy, osv-scanner, and trunk. |
This skill provides a comprehensive workflow for identifying security vulnerabilities in the codebase using industry-standard tools.
Before starting the audit, ensure the following tools are installed:
- trivy (container and filesystem vulnerability scanner)
- osv-scanner (Google's vulnerability scanner for open-source dependencies)
- trunk (integrated security and linting platform)

If any tools are missing, install them using the following commands. If Homebrew (brew) is available, it is the recommended method.
Using Homebrew (macOS/Linux):
```bash
brew install trivy osv-scanner trunk
```
Manual Installation:
(trivy) Run a filesystem scan to catch vulnerabilities and hard-coded secrets in configuration files, source code, and project structure. By default, trivy fs scans for both vulnerabilities and secrets.

```bash
# Scan for vulnerabilities and secrets
trivy fs .
# (Optional) Scan for misconfigurations in IaC and config files
trivy config .
```
(osv-scanner) Perform a deep scan of your project's dependencies against the OSV database using the scan source command.

```bash
osv-scanner scan source -r .
```
(trunk) Run integrated security checks. trunk check executes all enabled linters. You may need to enable specific security scanners like trivy first.

```bash
# Enable trivy if not already enabled
trunk check enable trivy
# Run security checks on modified files
trunk check
# Run on all files
trunk check --all --scope security
```
After running the tools, compile a report in the following structure:
[Brief overview of the security posture]
| Tool | Severity | Component | Description | Recommendation |
|---|---|---|---|---|
| [Tool Name] | [Critical/High/Med/Low] | [File/Dependency] | [Issue Description] | [Fix/Mitigation] |
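As an added example (not part of this skill and not trivy's own tooling), the Python below turns a trivy JSON report into the findings table above, most severe first, and applies a severity gate. It assumes trivy's JSON layout (`Results[].Vulnerabilities[]` and `Results[].Secrets[]`, as written by `trivy fs -f json .`) and uses a constructed sample report in place of real scan output.

```python
import json

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "UNKNOWN": 4}

# Constructed sample in the shape of `trivy fs -f json .` output: one dependency
# vulnerability and one hard-coded secret. Identifiers are placeholders, not real findings.
SAMPLE_TRIVY_JSON = json.dumps({"Results": [
    {"Target": "package-lock.json", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-00001", "PkgName": "example-lib",
         "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1",
         "Severity": "HIGH", "Title": "Placeholder vulnerability title"}]},
    {"Target": "config/app.env", "Secrets": [
        {"RuleID": "generic-api-key", "Severity": "CRITICAL",
         "Title": "Generic API Key", "StartLine": 3}]},
]})

def trivy_rows(report_json):
    """Flatten a trivy JSON report into (Tool, Severity, Component, Description, Recommendation) rows."""
    rows = []
    for result in json.loads(report_json).get("Results", []):
        target = result.get("Target", "")
        for v in result.get("Vulnerabilities") or []:
            fix = v.get("FixedVersion")
            rec = f"Upgrade to {fix}" if fix else "No fixed version; mitigate or replace"
            rows.append(("trivy", v["Severity"],
                         f"{v['PkgName']}@{v['InstalledVersion']} ({target})",
                         f"{v['VulnerabilityID']}: {v.get('Title', '')}", rec))
        for s in result.get("Secrets") or []:
            rows.append(("trivy", s["Severity"], f"{target}:{s.get('StartLine', '?')}",
                         f"{s['RuleID']}: {s.get('Title', '')}",
                         "Remove from the repository and rotate the credential"))
    # Most severe first, so the report leads with what must be fixed.
    rows.sort(key=lambda r: SEVERITY_ORDER.get(r[1], 99))
    return rows

def render_table(rows):
    """Emit the markdown findings table in the report structure used by this skill."""
    lines = ["| Tool | Severity | Component | Description | Recommendation |",
             "|---|---|---|---|---|"]
    lines += ["| " + " | ".join(str(c).replace("|", "/") for c in r) + " |" for r in rows]
    return "\n".join(lines)

def fails_gate(rows, threshold="HIGH"):
    """True if any finding is at or above the threshold severity; usable as a CI gate."""
    return any(SEVERITY_ORDER.get(r[1], 99) <= SEVERITY_ORDER[threshold] for r in rows)

if __name__ == "__main__":
    found = trivy_rows(SAMPLE_TRIVY_JSON)
    print(render_table(found))
    print("Audit gate:", "FAIL" if fails_gate(found) else "PASS")
```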