
Commit d1940c7

committed
chore: add snyk security scan skill
1 parent 783ac1a commit d1940c7

2 files changed

Lines changed: 47 additions & 0 deletions

File tree

.claude/settings.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,7 @@
2929
"Bash(make build:*)",
3030
"Bash(make lint:*)",
3131
"Bash(make test:*)",
32+
"Bash(snyk:*)",
3233
"Bash(mkdir:*)",
3334
"Bash(tree:*)",
3435
"Bash(vhs:*)",
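Review bot: the new allow entry `"Bash(snyk:*)"` is broader than the skill needs; the SKILL.md added in this commit only runs `snyk test`, `snyk code test` and an auth check (`snyk auth check` / `snyk whoami`), yet this pattern pre-approves every `snyk` subcommand for the agent, including the interactive `snyk auth` that the skill explicitly tells the user to run themselves. Following the convention of the surrounding entries (`"Bash(make build:*)"`, `"Bash(make lint:*)"`), consider listing the specific subcommands instead, e.g. `"Bash(snyk test:*)"`, `"Bash(snyk code test:*)"` and `"Bash(snyk whoami:*)"`, so the permission matches what the skill documents.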

.claude/skills/snyk/SKILL.md

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
---
2+
name: snyk
3+
description: Run Snyk security scans to find dependency vulnerabilities and source code issues. Use for monthly security reviews or when checking for new vulnerabilities.
4+
---
5+
6+
Run a Snyk security scan on this project.
7+
8+
## 1. Check prerequisites
9+
10+
Run `which snyk` to verify Snyk is installed. If not found, tell the user to install it with `brew install snyk` or `npm install -g snyk`.
11+
12+
Run `snyk auth check` or `snyk whoami` to verify authentication. If not authenticated, tell the user to run `! snyk auth` to log in interactively.
13+
14+
## 2. Run `snyk test` (dependency vulnerabilities — primary scan)
15+
16+
Run `snyk test` to scan Go module dependencies for known vulnerabilities.
17+
18+
**This is the most important scan.** Summarize the results:
19+
20+
- Group vulnerabilities by severity: **Critical > High > Medium > Low**
21+
- For each vulnerability, note:
22+
- The affected package and version
23+
- Whether a fix is available (upgrade path exists) or requires waiting on the upstream maintainer
24+
- For fixable issues, propose the specific `go get` upgrade commands
25+
- For unfixable issues, note them as "waiting on upstream" — these are deferred
26+
27+
## 3. Run `snyk code test` (source code analysis — secondary scan)
28+
29+
Run `snyk code test` to scan the project's own Go source code for security issues.
30+
31+
**This scan is optional and secondary.** Summarize the results:
32+
33+
- Group findings by severity
34+
- Identify which issues are simple/quick to fix vs. complex
35+
- Focus on simple fixes that can be resolved quickly
36+
37+
## 4. Present a prioritized action plan
38+
39+
Combine both scan results into a single prioritized plan:
40+
41+
1. **Fix now** — dependency upgrades with available fixes (propose commands)
42+
2. **Fix now** — simple source code issues from `snyk code test`
43+
3. **Defer** — dependency vulnerabilities waiting on upstream fixes
44+
4. **Defer** — complex source code issues that need more investigation
45+
46+
Ask the user which items they'd like to tackle, then help resolve them.
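Review bot: the remediation flow in steps 2 and 4 has no verification step; after the agent proposes and applies `go get` upgrades ("Fix now"), nothing instructs it to run `go mod tidy` and re-run `snyk test` to confirm the finding is actually cleared and that the upgrade did not pull in a different vulnerable version. Consider adding a closing step such as "After applying fixes, run `go mod tidy` and re-run `snyk test` to confirm the issues are resolved." Two smaller points in step 1: the authentication check offers two alternatives (`snyk auth check` or `snyk whoami`); verify that both exist on the CLI version the project uses and keep only the one that does, otherwise a "command not found" from the first will make the agent wrongly tell the user to re-authenticate; and the "waiting on upstream" items in step 2 are deferred but never recorded anywhere, so each monthly run will re-report and re-triage them.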
