Skills
.Work. You
Rest

security-scanning-workflows

Official

Unified security scanning for CI/CD pipelines

Software Engineering#security#github-actions#ci-cd#codeql#trivy#sarif#dependency-review
Authoradaptive-enforcement-lab
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Organizations struggle to ensure code safety and compliance across CI/CD pipelines as they push changes rapidly. This skill provides ready-to-use security scanning workflows that cover SAST with CodeQL, dependency scanning, container image scanning, and SARIF reporting to GitHub Security tab, enabling faster risk visibility and governance.

Core Features & Use Cases

  • SAST with CodeQL for code-level vulnerability detection across languages
  • Dependency scanning with license and vulnerability checks in PRs
  • Container image scanning with Trivy before deployment
  • SARIF upload to GitHub Security tab for centralized findings
  • Security gates and minimal permissions to block risky changes
  • Works across push and PR workflows, on main/develop branches

Quick Start

Integrate the multi-scan workflow into your repo by applying the example Security Scanning workflow in your workflows directory.

Dependency Matrix

Required Modules

None required

Components

scripts

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: security-scanning-workflows
Download link: https://github.com/adaptive-enforcement-lab/claude-skills/archive/main.zip#security-scanning-workflows

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.