security audit and vulnerability scanning

📁 shunsukehayashi/miyabi-claude-plugins 📅 Jan 1, 1970

总安装量

周安装量

#28713

全站排名

安装命令

npx skills add https://github.com/shunsukehayashi/miyabi-claude-plugins --skill Security Audit and Vulnerability Scanning

Skill 文档

ð Security Audit and Vulnerability Scanning

Version: 2.0.0 Last Updated: 2025-11-22 Priority: ââââ (P1 Level) Purpose: åæ¬çã»ãã¥ãªãã£ç£æ»ã¨èå¼±æ§ã¹ãã£ã³

ð æ¦è¦

ð¯ P0: å¼ã³åºãããªã¬ã¼

ããªã¬ã¼	ä¾
èå¼±æ§ã¹ãã£ã³	“scan for security vulnerabilities”
CVEç¢ºèª	“are there any CVEs?”
ã³ã¼ãç£æ»	“audit the codebase”
ãããã¤å	“before production deployment”
å®æç£æ»	“weekly security check”

ð§ P1: ã»ãã¥ãªãã£ãã¼ã«ä¸è¦§

ãã¼ã«åªåé ä½

ãã¼ã«	ç¨é	é »åº¦	ã³ãã³ã
`cargo-audit`	ä¾åé¢ä¿CVE	é«	`cargo audit`
`cargo-deny`	ããªã·ã¼å¼·å¶	é«	`cargo deny check`
`cargo-geiger`	unsafeæ¤åº	ä¸	`cargo geiger`
`gitleaks`	ã·ã¼ã¯ã¬ããæ¤åº	é«	`gitleaks detect`
`cargo-supply-chain`	ãµãã©ã¤ãã§ã¼ã³	ä½	`cargo supply-chain`

ð P2: ç£æ»ãã¿ã¼ã³

Pattern 1: ãã«ã»ãã¥ãªãã£ç£æ»

# Step 1: ä¾åé¢ä¿èå¼±æ§
cargo audit

# Step 2: ããªã·ã¼ãã§ãã¯
cargo deny check

# Step 3: unsafeä½¿ç¨é
cargo geiger --output-format Json

# Step 4: ã·ã¼ã¯ã¬ããæ¤åº
gitleaks detect --source . --verbose

# Step 5: ãµãã©ã¤ãã§ã¼ã³
cargo supply-chain crates

Pattern 2: ã¯ã¤ãã¯ç£æ»ï¼CIç¨ï¼

# æå°éã®ãã§ãã¯ï¼2-3åï¼
cargo audit && cargo deny check advisories

Pattern 3: Clippy ã»ãã¥ãªãã£ãªã³ã

# ã»ãã¥ãªãã£é¢é£è¦å
cargo clippy -- \
  -D warnings \
  -W clippy::all \
  -W clippy::pedantic \
  -A clippy::missing_errors_doc

â¡ P3: èå¼±æ§å¯¾å¿

éå¤§åº¦å¥å¯¾å¿

éå¤§åº¦	å¯¾å¿æé	ã¢ã¯ã·ã§ã³
Critical	å³æ	ãããã¤åæ¢ãå³æä¿®æ£
High	24æé	åªåä¿®æ£ãåé¿çæ¤è¨
Medium	1é±é	è¨ç»çä¿®æ£
Low	1ã¶æ	æ¬¡åã¢ãããã¼ãæ

ä¾åé¢ä¿æ´æ°

# ç¹å®ã¯ã¬ã¼ãæ´æ°
cargo update -p vulnerable-crate

# Cargo.toml ãã¼ã¸ã§ã³æå®
[dependencies]
vulnerable-crate = ">=1.2.3"  # ä¿®æ£çä»¥é

ð deny.tomlè¨å®ä¾

[advisories]
db-path = "~/.cargo/advisory-db"
vulnerability = "deny"
unmaintained = "warn"

[licenses]
allow = ["MIT", "Apache-2.0", "BSD-3-Clause"]
copyleft = "deny"

[bans]
multiple-versions = "warn"
wildcards = "deny"

[sources]
allow-git = []

ð¡ï¸ ã·ã¼ã¯ã¬ããç®¡ç

æ¤åºãã¿ã¼ã³

ãã¿ã¼ã³	ä¾	ã¢ã¯ã·ã§ã³
AWS Key	`AKIA...`	å³æç¡å¹å
GitHub Token	`ghp_...`	å³æç¡å¹å
API Key	`sk-...`	å³æç¡å¹å
Private Key	`-----BEGIN`	ãªãã¸ããªãããã¼ã¸

èª¤ã³ãããå¯¾å¿

# ãã¡ã¤ã«åé¤
git rm --cached secrets.json
git commit --amend --no-edit

# å±¥æ´ãããã¼ã¸ï¼éå¤§ãªå ´åï¼
git filter-repo --invert-paths --path secrets.json

â æååºæº

ãã§ãã¯é ç®	åºæº
`cargo audit`	0 vulnerabilities
`cargo deny`	0 denied
`cargo geiger`	unsafeæå°å
`gitleaks`	0 secrets

åºåãã©ã¼ããã

ð Security Audit Results

â Dependencies: 0 vulnerabilities
â Policy: All checks passed
â ï¸ Unsafe: 5 blocks (3rd party only)
â Secrets: No leaks detected

Ready for production â

ð é¢é£Skills

Rust Development: ãã«ãåè³ª
Dependency Management: ä¾åé¢ä¿æ´æ°
Debugging: ã»ãã¥ãªãã£åé¡èª¿æ»

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台

security audit and vulnerability scanning

Skill 文档

ð Security Audit and Vulnerability Scanning

ð æ¦è¦

ð¯ P0: å¼ã³åºãããªã¬ã¼

ð§ P1: ã»ã­ã¥ãªãã£ãã¼ã«ä¸è¦§

ãã¼ã«åªå é ä½

ð P2: ç£æ»ãã¿ã¼ã³

Pattern 1: ãã«ã»ã­ã¥ãªãã£ç£æ»

Pattern 2: ã¯ã¤ãã¯ç£æ»ï¼CIç¨ï¼

Pattern 3: Clippy ã»ã­ã¥ãªãã£ãªã³ã

â¡ P3: èå¼±æ§å¯¾å¿

éå¤§åº¦å¥å¯¾å¿

ä¾å­é¢ä¿æ´æ°

ð deny.tomlè¨­å®ä¾

ð¡ï¸ ã·ã¼ã¯ã¬ããç®¡ç

æ¤åºãã¿ã¼ã³

èª¤ã³ãããå¯¾å¿

â æååºæº

åºåãã©ã¼ããã

ð é¢é£Skills

ð Security Audit and Vulnerability Scanning

ð æ¦è¦

ð¯ P0: å¼ã³åºãããªã¬ã¼

ð§ P1: ã»ãã¥ãªãã£ãã¼ã«ä¸è¦§

ãã¼ã«åªåé ä½

ð P2: ç£æ»ãã¿ã¼ã³

Pattern 1: ãã«ã»ãã¥ãªãã£ç£æ»

Pattern 2: ã¯ã¤ãã¯ç£æ»ï¼CIç¨ï¼

Pattern 3: Clippy ã»ãã¥ãªãã£ãªã³ã

â¡ P3: èå¼±æ§å¯¾å¿

éå¤§åº¦å¥å¯¾å¿

ä¾åé¢ä¿æ´æ°

ð deny.tomlè¨å®ä¾

ð¡ï¸ ã·ã¼ã¯ã¬ããç®¡ç

æ¤åºãã¿ã¼ã³

èª¤ã³ãããå¯¾å¿

â æååºæº

åºåãã©ã¼ããã

ð é¢é£Skills