External/SuperClaude
1
0
Fork 0
mirror of https://github.com/SuperClaude-Org/SuperClaude_Framework.git synced 2025-12-29 16:16:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bce31d52a809bcc03b8105e6e2f6a2fac9d80012
SuperClaude/.claude/commands/scan.md
NomenAK bce31d52a8 Initial commit: SuperClaude v4.0.0 configuration framework 
- Core configuration files (CLAUDE.md, RULES.md, PERSONAS.md, MCP.md)
- 17 slash commands for specialized workflows
- 25 shared YAML resources for advanced configurations
- Installation script for global deployment
- 9 cognitive personas for specialized thinking modes
- MCP integration patterns for intelligent tool usage
- Token economy and ultracompressed mode support

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-22 14:02:49 +02:00

174 lines
4.6 KiB
Markdown
Raw Blame History

## Legend
| Symbol | Meaning | | Abbrev | Meaning |
|--------|---------|---|--------|---------|
| → | leads to | | cfg | configuration |
| & | and/with | | deps | dependencies |
| w/ | with | | vuln | vulnerability |
Execute immediately. Add --plan flag if user wants to see plan first.
Scan code, ops, or systems→security vulns & safety issues in $ARGUMENTS.
Scan type w/ flags:
--validate flag:
- Pre-execution safety validation | Op risk assessment
- Permission & access checks | Quick safety verification before running commands
--security flag:
- Comprehensive security analysis
- w/ --owasp: Focus→OWASP Top 10 | w/ --deps: Deps vuln scan
- Deep security audit→code & cfg
## Validation Mode (--validate)
Pre-execution safety checks:
**Security validation**:
- Path traversal prevention | No execution outside project boundaries
- Secrets and credentials detection
- Permission verification
- Input sanitization checks
**Code validation**:
- Syntax correctness
- Import and dependency verification
- Breaking change detection
- Configuration validity
- Type safety checks
**Operation validation**:
- Git state verification
- Branch protection compliance
- Resource availability
- Rollback capability
- Blast radius assessment
**Risk assessment**:
- Calculate risk score (1-10)
- Impact analysis (data loss, downtime)
- Reversibility evaluation
- Required permissions check
- Compliance verification
Validation workflow:
1. Parse intended operation
2. Run all applicable checks
3. Generate risk score
4. Report with clear indicators:
- ✅ Pass - Safe to proceed
- ⚠️ Warning - Caution advised
- ❌ Block - Do not proceed
Integration behavior:
- Auto-trigger for risky operations
- Chain with execution: scan --validate && execute
- Block CRITICAL [10] severity issues
- Require confirmation for HIGH [7-9] risks
## Security Mode (--security)
Comprehensive security analysis:
**OWASP Top 10 checks**:
- Injection flaws (SQL, NoSQL, OS command, LDAP)
- Broken authentication and session management
- Sensitive data exposure
- XML external entities (XXE)
- Broken access control
- Security misconfiguration
- Cross-site scripting (XSS)
- Insecure deserialization
- Using components with known vulnerabilities
- Insufficient logging and monitoring
**Code security analysis**:
- Input validation gaps
- Output encoding issues
- Authentication weaknesses
- Authorization flaws
- Cryptographic problems
- Error handling leaks
- Session management
- File operation safety
**Dependency scanning**:
- Known CVE detection
- Outdated package identification
- License compliance check
- Transitive dependency analysis
- Security patch availability
- Typosquatting detection
**Configuration security**:
- Hardcoded secrets scan
- Environment variable safety
- Permission configurations
- Network exposure
- TLS/SSL settings
- CORS policies
- Security headers
**Infrastructure security**:
- Open ports and services
- Firewall rules
- Access control lists
- Encryption in transit/rest
- Backup security
- Logging configuration
## Quick Scan Options
With --quick flag:
- Fast validation for common issues
- Skip deep analysis
- Focus on critical problems
- Rapid feedback loop
With --strict flag:
- Zero-tolerance mode
- Flag all potential issues
- Enforce best practices
- Require explicit overrides
## Scan Output
Results include:
- Executive summary with risk level
- Detailed findings by category
- Severity ratings (CRITICAL/HIGH/MEDIUM/LOW)
- Specific remediation steps
- Code examples for fixes
- References to security resources
- Compliance mapping (if applicable)
Severity classification:
- **CRITICAL [10]**: Immediate action required
- **HIGH [7-9]**: Fix before deployment
- **MEDIUM [4-6]**: Address in next sprint
- **LOW [1-3]**: Best practice improvements
## Integration
Works with other commands:
- Run before deploy: `/project:scan --validate && /project:deploy`
- Security gate: `/project:scan --security --strict`
- CI/CD integration: Fail build on HIGH+ findings
- Pre-commit hooks: Quick validation
Best practices:
- Run validation before any risky operation
- Schedule regular security scans
- Track and trend findings over time
- Automate where possible
- Document exceptions with justification
Report Output:
- Safety reports: `.claudedocs/reports/safety-scan-<timestamp>.md`
- Security reports: `.claudedocs/reports/security-scan-<timestamp>.md`
- Ensure directory exists: `mkdir -p .claudedocs/reports/`
- Include report location in output: "📄 Scan report saved to: [path]"
Deliverables:
- For validate: Safety report, risk score, proceed/block recommendation
- For security: Vulnerability report, remediation guide, risk assessment, compliance status
Reference in New Issue View Git Blame Copy Permalink