
when-auditing-security-use-security-analyzer

Comprehensive security auditing across static analysis, dynamic testing, dependency vulnerabilities, secrets detection, and OWASP compliance
aiskillstore/marketplace · ★ 329 · Testing & QA · score 85
Install: claude install-skill aiskillstore/marketplace
# Security Analyzer - Comprehensive Security Auditing Skill

## Overview

This skill provides multi-vector security analysis combining static code analysis, dynamic testing, dependency auditing, secrets detection, and OWASP Top 10 compliance checking. Uses coordinated agents with validation gates between phases.

## Architecture

```
Security Manager (Coordinator)
├─→ Phase 1: Static Analysis (Code Analyzer)
├─→ Phase 2: Dynamic Testing (Tester)
├─→ Phase 3: Dependency Audit (Security Manager)
├─→ Phase 4: Secrets Detection (Code Analyzer)
└─→ Phase 5: Compliance Check (Security Manager)
```

## Phase 1: Static Code Analysis

### Objective

Identify code-level vulnerabilities, security anti-patterns, and unsafe practices.

### Security Manager Setup

```bash
# Initialize security audit session
npx claude-flow@alpha hooks pre-task --description "Security static analysis initialization"
npx claude-flow@alpha hooks session-restore --session-id "security-audit-${DATE}"

# Set up memory namespace
npx claude-flow@alpha memory store \
  --key "swarm/security/config" \
  --value '{
    "scan_type": "static",
    "severity_threshold": "medium",
    "frameworks": ["owasp", "cwe"],
    "timestamp": "'$(date -Iseconds)'"
  }'
```

### Code Analyzer Execution

```bash
# Spawn code analyzer agent for static analysis
# Agent performs:

# 1. SQL Injection Detection
npx claude-flow@alpha hooks pre-task --description "SQL injection vulnerability scan"

# Scan patterns:
# ❌ VUL
```