Install: `claude install-skill aiskillstore/marketplace`
# Security Analyzer
Analyze environments for vulnerabilities, fetch current CVE/exploit data, and generate phased remediation plans with TDD validation.
## Quick Start
When the user requests a security scan:
1. Run environment discovery: `python .claude/skills/security-analyzer/scripts/discover_env.py .`
2. Save output to `inventory.json`
3. Run vulnerability scan: `python .claude/skills/security-analyzer/scripts/fetch_vulns.py inventory.json`
4. Save output to `scan_results.json`
5. Generate reports: `python .claude/skills/security-analyzer/scripts/generate_report.py scan_results.json inventory.json`
## Workflow
### Phase 1: Environment Discovery
Scan the working directory for:
- **Dependencies**: `package.json`, `requirements.txt`, `Gemfile`, `go.mod`, `Cargo.toml`, `pom.xml`
- **Containers**: `Dockerfile`, `docker-compose.yml`, `kubernetes/*.yaml`
- **Cloud IaC**: `terraform/*.tf`, `cloudformation/*.yaml`, `*.bicep`
- **Secrets**: `.env*` files (flag exposure risk, never log values)
Run the discovery script:
```bash
python .claude/skills/security-analyzer/scripts/discover_env.py /path/to/project > inventory.json
```
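
A sketch of what Phase 1 discovery involves, added here as an illustration; it is not the skill's `discover_env.py`. The output schema, the `SKIP_DIRS` set and all function names are assumptions. It classifies files using the patterns listed above and, for `.env*` files, records variable names only, so no secret value reaches the inventory.

```python
import fnmatch
import pathlib
import tempfile

PATTERNS = {  # copied from the Phase 1 list
    "dependencies": ["package.json", "requirements.txt", "Gemfile", "go.mod", "Cargo.toml", "pom.xml"],
    "containers": ["Dockerfile", "docker-compose.yml", "kubernetes/*.yaml"],
    "cloud_iac": ["terraform/*.tf", "cloudformation/*.yaml", "*.bicep"],
    "secrets": [".env*"],
}
SKIP_DIRS = {".git", "node_modules", ".venv"}  # assumption of this sketch

def matches(rel, pattern):
    # Bare names match the file name at any depth; "dir/*.ext" matches the path tail.
    if "/" in pattern:
        return fnmatch.fnmatchcase("/" + rel, "*/" + pattern)
    return fnmatch.fnmatchcase(rel.rsplit("/", 1)[-1], pattern)

def env_key_names(path):
    """Variable names only; the value half of each line is discarded."""
    lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
    pairs = (line.strip().removeprefix("export ").partition("=") for line in lines)
    return [k.strip() for k, sep, _ in pairs if sep and k.strip() and not k.startswith("#")]

def discover(root):
    inventory = {category: [] for category in PATTERNS}
    for path in sorted(pathlib.Path(root).rglob("*")):
        rel = path.relative_to(root).as_posix()
        if not path.is_file() or SKIP_DIRS & set(rel.split("/")):
            continue
        for category, patterns in PATTERNS.items():
            if any(matches(rel, p) for p in patterns):
                extra = {"risk": "exposure", "keys": env_key_names(path)} if category == "secrets" else {}
                inventory[category].append({"path": rel, **extra})
    return inventory

def demo():
    # Constructed sample tree; the .env values are placeholders, not real secrets.
    files = {"requirements.txt": "flask\n", "infra/terraform/main.tf": "",
             "node_modules/x/package.json": "{}",
             ".env.local": "# note\nexport DB_PASSWORD=placeholder\nAPI_KEY=x\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            target = pathlib.Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return discover(root)

if __name__ == "__main__":
    print(demo())
```

Because `fnmatch` lets `*` cross `/`, a pattern such as `kubernetes/*.yaml` also picks up YAML files in subdirectories of `kubernetes/`.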
### Phase 2: Vulnerability Intelligence
Fetch current threat data using the vulnerability scanner:
```bash
python .claude/skills/security-analyzer/scripts/fetch_vulns.py inventory.json > scan_results.json
```
| Source | Priority | Use For |
|--------|----------|---------|
| CISA KEV | 1 | Actively exploited vulns (use WebSearch) |
| NVD | 2 | CVE detail