External/SuperClaude
1
0
Fork 0
mirror of https://github.com/SuperClaude-Org/SuperClaude_Framework.git synced 2025-12-29 16:16:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fc8cd74cfc80c2dd386cefdfb82e79d3cabac5e9
SuperClaude/.claude/commands/scan.md
NomenAK d24503ca02 refactor: Complete SuperClaude v2 migration with @include reference system 
- Migrate all command files to use @include reference system
- Consolidate shared patterns into new yml structure
- Create central superclaude shared configuration files
- Remove deprecated markdown files (MCP.md, PERSONAS.md, RULES.md)
- Add new documentation structure in docs/
- Update installation script for new architecture
- Add ROADMAP.md and VERSION files

This completes the major architectural refactor to improve maintainability
and reduce duplication across the SuperClaude command system.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-25 16:51:53 +02:00

2.4 KiB
Raw Blame History

Purpose: Security audits and validation

@include shared/universal-constants.yml#Universal_Legend

Command Execution

Execute: immediate. --plan→show plan first Legend: Generated based on symbols used in command Purpose: "[Action][Subject] in $ARGUMENTS"

Perform comprehensive security, quality, and dependency scanning on code specified in $ARGUMENTS.

@include shared/flag-inheritance.yml#Universal_Always

Examples:

  • /scan --security - Security vulnerability scan
  • /scan --deps - Dependency audit
  • /scan --validate - Full validation scan
  • /scan --quick - Quick scan for critical issues

Command-Specific Flags

--security: "Deep security vulnerability scanning (OWASP, CVEs, secrets)" --deps: "Dependency vulnerability audit w/ fix recommendations" --validate: "Comprehensive validation (syntax, types, logic, security)" --quick: "Fast scan focusing on critical issues only" --fix: "Auto-fix safe issues" --strict: "Zero-tolerance mode (fail on any issue)" --report: "Generate detailed report" --ci: "CI-friendly output format"

Scan Types

Security Scan: OWASP Top 10 | Injection vulnerabilities | Auth flaws | Sensitive data exposure | Hardcoded secrets | CVE database check

Dependency Scan: Known vulnerabilities | Outdated packages | License compliance | Supply chain risks | Transitive dependencies

Code Quality: Complexity metrics | Duplication | Dead code | Type safety | Best practices | Performance antipatterns

Configuration: Misconfigured services | Insecure defaults | Missing security headers | Exposed endpoints | Weak crypto

Validation Levels

Quick (--quick): Critical security only | Known CVEs | Hardcoded secrets | SQL injection | XSS vulnerabilities

Standard (default): All security checks | Major quality issues | Dependency vulnerabilities | Configuration problems

Strict (--strict): Everything + minor issues | Style violations | Documentation gaps | Test coverage | Performance warnings

@include shared/security-patterns.yml#OWASP_Top_10

Deliverables

Reports: .claudedocs/scans/security-{timestamp}.md | Severity classification | Fix recommendations | Risk assessment

Fix Scripts: Auto-generated patches | Safe automated fixes | Manual fix instructions | Rollback procedures

CI Integration: Exit codes | JSON output | SARIF format | GitHub/GitLab integration

@include shared/universal-constants.yml#Standard_Messages_Templates

Reference in New Issue View Git Blame Copy Permalink