/* LEEWAY HEADER — DO NOT REMOVE
REGION: DEV.ANALYSIS
TAG: DEV.ANALYSIS.SECURITY_VULNERABILITY_SCANNING
COLOR_ONION_HEX: NEON=#FF1493 FLUO=#FF69B4 PASTEL=#E8F5E9
ICON_ASCII: family=lucide glyph=zap
5WH:
  WHAT = security vulnerability scanning skill for Leeway-compliant AI systems
  WHY = Provides capabilities for code-analysis within the AIskills ecosystem
  WHO = Leeway Industries (By Leonard Jerome Lee)
  WHERE = skills/code-analysis/security-vulnerability-scanning/SKILL.md
  WHEN = 2026
  HOW = Leeway-governed skill.md definition with structured capabilities and tags
AGENTS: ASSESS AUDIT
ASSIGNED_SACRED_AGENTS: L6_Execution: SyntaxForge.ts
LICENSE: MIT
*/

> **SOVEREIGN ALIGNMENT:** This skill is strictly executed by L6_Execution: SyntaxForge.ts. No unassigned Clones may natively execute this without Hive Mind routing.

# Security Vulnerability Scanning

**Expert in**: Identifying security vulnerabilities through automated scanning, analysis, and remediation.

## Capabilities

- Implement SAST (Static Application Security Testing)
- Deploy DAST (Dynamic Application Security Testing)
- Manage dependency scanning and CVE tracking
- Implement container image scanning
- Create secret detection systems
- Analyze infrastructure misconfigurations
- Build security scorecard systems
- Implement automated remediation workflows

## Use this skill when:

- Finding security vulnerabilities automatically
- Scanning dependencies for CVEs
- Compliance and audit requirements
- Pre-deployment security checking
- Infrastructure security verification
- Container security
- Secret management
- Continuous security monitoring

## Key techniques

- Semgrep for static analysis
- OWASP ZAP for dynamic testing
- Snyk, Dependabot for dependency scanning
- Trivy for container scanning
- SonarQube for code quality and security
- GitGuardian for secret detection
- Terraform security scanning
- Supply chain security (SBOM, provenance)

## Tags

`security` `vulnerability` `scanning` `sast` `dast` `compliance`