2025-06-24 22:46:52 +02:00
|
|
|
# /scan - Security and quality scanning
|
2025-06-22 14:02:49 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
@include shared/universal-constants.yml#Universal_Legend
|
2025-06-22 14:02:49 +02:00
|
|
|
|
2025-06-24 21:24:14 +02:00
|
|
|
## Purpose
|
2025-06-24 22:46:52 +02:00
|
|
|
Perform comprehensive security, quality, and dependency scanning on code specified in $ARGUMENTS.
|
2025-06-22 14:02:49 +02:00
|
|
|
|
2025-06-24 21:24:14 +02:00
|
|
|
## Syntax
|
|
|
|
|
`/scan [flags] [target]`
|
2025-06-22 14:02:49 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
@include shared/flag-inheritance.yml#Universal_Always
|
2025-06-22 14:02:49 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
Examples:
|
|
|
|
|
- `/scan --security` - Security vulnerability scan
|
|
|
|
|
- `/scan --deps` - Dependency audit
|
|
|
|
|
- `/scan --validate` - Full validation scan
|
|
|
|
|
- `/scan --quick` - Quick scan for critical issues
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
## Command-Specific Flags
|
|
|
|
|
--security: "Deep security vulnerability scanning (OWASP, CVEs, secrets)"
|
|
|
|
|
--deps: "Dependency vulnerability audit w/ fix recommendations"
|
|
|
|
|
--validate: "Comprehensive validation (syntax, types, logic, security)"
|
|
|
|
|
--quick: "Fast scan focusing on critical issues only"
|
|
|
|
|
--fix: "Auto-fix safe issues"
|
|
|
|
|
--strict: "Zero-tolerance mode (fail on any issue)"
|
|
|
|
|
--report: "Generate detailed report"
|
|
|
|
|
--ci: "CI-friendly output format"
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
## Scan Types
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
**Security Scan:** OWASP Top 10 | Injection vulnerabilities | Auth flaws | Sensitive data exposure | Hardcoded secrets | CVE database check
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
**Dependency Scan:** Known vulnerabilities | Outdated packages | License compliance | Supply chain risks | Transitive dependencies
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
**Code Quality:** Complexity metrics | Duplication | Dead code | Type safety | Best practices | Performance antipatterns
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
**Configuration:** Misconfigured services | Insecure defaults | Missing security headers | Exposed endpoints | Weak crypto
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
## Validation Levels
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
**Quick (--quick):** Critical security only | Known CVEs | Hardcoded secrets | SQL injection | XSS vulnerabilities
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
**Standard (default):** All security checks | Major quality issues | Dependency vulnerabilities | Configuration problems
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
**Strict (--strict):** Everything + minor issues | Style violations | Documentation gaps | Test coverage | Performance warnings
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
@include shared/security-patterns.yml#OWASP_Top_10
|
2025-06-24 21:24:14 +02:00
|
|
|
|
|
|
|
|
## Deliverables
|
|
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
**Reports:** `.claudedocs/scans/security-{timestamp}.md` | Severity classification | Fix recommendations | Risk assessment
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
**Fix Scripts:** Auto-generated patches | Safe automated fixes | Manual fix instructions | Rollback procedures
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
**CI Integration:** Exit codes | JSON output | SARIF format | GitHub/GitLab integration
|
2025-06-24 21:24:14 +02:00
|
|
|
|
2025-06-24 22:46:52 +02:00
|
|
|
@include shared/universal-constants.yml#Success_Messages
|
