vulnerability-scanning
aj-geddes/useful-ai-prompts · updated Apr 8, 2026
Vulnerability Scanning
Overview
Systematically identify security vulnerabilities in applications, dependencies, and infrastructure using automated scanning tools and manual security assessments.
When to Use
- Pre-deployment security checks
- Continuous security monitoring
- Compliance audits (PCI-DSS, SOC 2)
- Dependency vulnerability detection
- Container security scanning
- Infrastructure security assessment
Quick Start
Minimal working example:
```javascript
// scanner.js - Comprehensive vulnerability scanning
const { exec } = require("child_process");
const util = require("util");
const fs = require("fs").promises;
const execPromise = util.promisify(exec);

class VulnerabilityScanner {
  constructor() {
    this.results = {
      dependencies: [],
      code: [],
      docker: [],
      secrets: [],
    };
  }

  async scanDependencies() {
    console.log("Scanning dependencies with npm audit...");
    try {
      const { stdout } = await execPromise("npm audit --json");
      const auditResults = JSON.parse(stdout);
      for (const [name, advisory] of Object.entries(
// ... (see reference guides for full implementation)
```
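The following is an added example, not the skill's code from `references/`: it parses the npm 7+ `npm audit --json` report, applies a severity threshold, and handles two cases the truncated snippet does not show, namely that `npm audit` exits non-zero when it finds vulnerabilities and that a failed scan returns an `error` object instead of findings. The sample report, the package names and the function names (`parseAudit`, `gate`, `runNpmAudit`) are constructed for illustration; `runNpmAudit` assumes `npm` is on the PATH.

```javascript
// Added example: parse an `npm audit --json` report (npm 7+ shape) and gate on severity.
const SEVERITY_RANK = new Map([["info", 0], ["low", 1], ["moderate", 2], ["high", 3], ["critical", 4]]);
const rank = (s) => SEVERITY_RANK.get(s) ?? -1; // unknown labels sort last

// Constructed sample report, trimmed to the fields used below (package names are made up).
const SAMPLE_AUDIT_JSON = JSON.stringify({
  auditReportVersion: 2,
  vulnerabilities: {
    "example-logger": { severity: "low", isDirect: false, range: "1.x", fixAvailable: false },
    "example-parser": { severity: "high", isDirect: true, range: "<2.1.0", fixAvailable: true },
    "example-router": { severity: "moderate", isDirect: true, range: "<=0.9.3",
      fixAvailable: { name: "example-router", version: "1.0.0", isSemVerMajor: true } },
  },
});

// Flatten the report into findings, most severe first.
function parseAudit(jsonText) {
  const report = JSON.parse(jsonText);
  // A failed scan (for example, no lockfile) reports `error`; never treat that as "clean".
  if (report.error) throw new Error(`npm audit failed: ${report.error.code || "unknown"}`);
  return Object.entries(report.vulnerabilities || {})
    .map(([name, v]) => ({
      name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      range: v.range,
      fixAvailable: Boolean(v.fixAvailable), // npm gives a boolean or an object here
    }))
    .sort((a, b) => rank(b.severity) - rank(a.severity));
}

// Findings at or above the threshold; a non-empty result should fail the build.
function gate(findings, threshold = "high") {
  if (!SEVERITY_RANK.has(threshold)) throw new Error(`unknown severity: ${threshold}`);
  return findings.filter((f) => rank(f.severity) >= rank(threshold));
}

// `npm audit` exits non-zero when it finds vulnerabilities, so the child-process callback
// gets an error even though the report is on stdout. Parse stdout before trusting `err`.
async function runNpmAudit(cwd = ".") {
  const { execFile } = await import("node:child_process");
  return new Promise((resolve, reject) => {
    execFile("npm", ["audit", "--json"], { cwd, maxBuffer: 32 * 1024 * 1024 }, (err, stdout) => {
      try { resolve(parseAudit(stdout)); } catch (e) { reject(stdout ? e : err || e); }
    });
  });
}
```

In a pipeline, call `gate(await runNpmAudit(), "high")` and exit non-zero when the returned list is not empty.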
Reference Guides
Detailed implementations in the references/ directory:
| Guide | Contents |
|---|---|
| Node.js Vulnerability Scanner | Node.js Vulnerability Scanner |
| Python OWASP Scanner | Python OWASP Scanner |
| CI/CD Integration - GitHub Actions | CI/CD Integration - GitHub Actions |
Best Practices
✅ DO
- Automate scans in CI/CD
- Scan dependencies regularly
- Use multiple scanning tools
- Set severity thresholds
- Track vulnerability trends
- Scan containers and images
- Monitor CVE databases
- Document false positives
❌ DON'T
- Skip vulnerability scanning
- Ignore low severity issues
- Trust a single scanning tool
- Bypass security gates
- Commit secrets to repos
Ratings
4.7 ★★★★★ (74 reviews)
- ★★★★★ Zaid Desai · Dec 28, 2024
Keeps context tight: vulnerability-scanning is the kind of skill you can hand to a new teammate without a long onboarding doc.
- ★★★★★ Yusuf Li · Dec 16, 2024
We added vulnerability-scanning from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- ★★★★★ Michael Bhatia · Dec 16, 2024
Useful defaults in vulnerability-scanning — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- ★★★★★ Amelia Farah · Dec 4, 2024
I recommend vulnerability-scanning for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
- ★★★★★ Zaid Dixit · Nov 27, 2024
Solid pick for teams standardizing on skills: vulnerability-scanning is focused, and the summary matches what you get after install.
- ★★★★★ Rahul Santra · Nov 23, 2024
vulnerability-scanning has been reliable in day-to-day use. Documentation quality is above average for community skills.
- ★★★★★ Ira Harris · Nov 23, 2024
Keeps context tight: vulnerability-scanning is the kind of skill you can hand to a new teammate without a long onboarding doc.
- ★★★★★ Maya Harris · Nov 19, 2024
I recommend vulnerability-scanning for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
- ★★★★★ Amelia Yang · Nov 7, 2024
vulnerability-scanning reduced setup friction for our internal harness; good balance of opinion and flexibility.
- ★★★★★ Maya Martin · Nov 7, 2024
vulnerability-scanning is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.