---
name: vulnerability-scanning
description: >
  Automated vulnerability detection using OWASP tools, CVE databases, and security scanners.
  Use when performing security audits, compliance checks, or continuous security monitoring.
---

# Vulnerability Scanning

## Table of Contents

- [Overview](#overview)
- [When to Use](#when-to-use)
- [Quick Start](#quick-start)
- [Reference Guides](#reference-guides)
- [Best Practices](#best-practices)

## Overview

Systematically identify security vulnerabilities in applications, dependencies, and infrastructure using automated scanning tools backed by manual security assessment. Automated scanners find known issues (published CVEs, leaked credentials, misconfigured images) quickly and repeatably; manual review covers the logic flaws they cannot see.

## When to Use

- Pre-deployment security checks
- Continuous security monitoring
- Compliance audits (PCI-DSS, SOC 2)
- Dependency vulnerability detection
- Container security scanning
- Infrastructure security assessment

## Quick Start

Minimal working example:

```javascript
// scanner.js - Comprehensive vulnerability scanning
const { exec } = require("child_process");
const util = require("util");
const fs = require("fs").promises;

const execPromise = util.promisify(exec);

class VulnerabilityScanner {
  constructor() {
    this.results = {
      dependencies: [],
      code: [],
      docker: [],
      secrets: [],
    };
  }

  async scanDependencies() {
    console.log("Scanning dependencies with npm audit...");
    let stdout;
    try {
      ({ stdout } = await execPromise("npm audit --json"));
    } catch (err) {
      // npm audit exits non-zero whenever it finds vulnerabilities, so the
      // promisified exec rejects; the JSON report is still on err.stdout.
      if (!err.stdout) throw err;
      stdout = err.stdout;
    }
    const auditResults = JSON.parse(stdout);
    for (const [name, advisory] of Object.entries(
      // ... (see reference guides for full implementation)
```

Two caveats when wiring this up: `npm audit` returns a non-zero exit status whenever it reports a vulnerability, so a promisified `exec` rejects even though the report was produced (handled above by reading `err.stdout`); and the JSON shape depends on the npm version, with npm 6 emitting `advisories` keyed by advisory id and npm 7+ emitting `vulnerabilities` keyed by package name, so the parser must target the npm that runs in CI.

## Reference Guides

Detailed implementations in the `references/` directory:

| Guide | Contents |
|---|---|
| [Node.js Vulnerability Scanner](references/nodejs-vulnerability-scanner.md) | Full `VulnerabilityScanner` implementation started in the Quick Start (dependency, code, container image, and secrets scans) |
| [Python OWASP Scanner](references/python-owasp-scanner.md) | Driving OWASP scanning tools from Python |
| [CI/CD Integration - GitHub Actions](references/cicd-integration-github-actions.md) | Running the scans as GitHub Actions workflow steps with security gates |

## Best Practices

### ✅ DO

- Automate scans in CI/CD so every change is checked before it merges
- Scan dependencies regularly, not only at release time; new advisories are published against versions already deployed
- Use multiple scanning tools, since each has different coverage and blind spots
- Set severity thresholds that fail the build, and apply them consistently
- Track vulnerability trends over time (open findings, time to remediate)
- Scan containers and base images, not just application code
- Monitor CVE databases for newly published advisories affecting pinned versions
- Document false positives and accepted risks with a reason and an expiry date

### ❌ DON'T

- Skip vulnerability scanning because a release is urgent
- Ignore low-severity findings outright; triage and track them even when they do not block the build
- Trust a single scanning tool
- Bypass security gates to unblock a deployment
- Commit secrets to repos; scan for them before they land in history
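## Worked Example: Severity Gate on an npm Audit Report

The Quick Start stops at parsing the `npm audit --json` output, and the best practices above ask for severity thresholds and documented false positives. The block below is an added example, not code from this skill's reference guides: it parses a report in the npm 7+ shape (`vulnerabilities` keyed by package name, root packages carrying advisory objects in `via`, transitively affected packages carrying package names in `via`), flattens it into findings, and applies a build gate with an allowlist whose entries expire. The package names, advisory ids, URLs, and allowlist entry are constructed for the example; `reportFromExec`, `parseAuditReport`, and `evaluateGate` are this example's own helpers.

```javascript
// Added example, not part of the skill's reference implementation.
// Parses an `npm audit --json` report (npm 7+ shape) and applies a severity
// gate with a documented, expiring allowlist. All package names, advisory
// ids and URLs below are constructed.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample report. A root vulnerable package lists advisory
// objects in `via`; a package affected only transitively lists the names
// of the packages through which it reaches the advisory.
const SAMPLE_AUDIT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": {
      name: "example-parser", severity: "high", isDirect: true,
      via: [{ source: 1001, name: "example-parser", title: "Prototype pollution in merge()",
              url: "https://example.invalid/advisories/1001", severity: "high", range: "<2.0.0" }],
      range: "<2.0.0", fixAvailable: true,
    },
    "example-logger": {
      name: "example-logger", severity: "high", isDirect: false,
      via: ["example-parser"], // transitive: depends on vulnerable example-parser
      range: "*", fixAvailable: true,
    },
    "example-cli": {
      name: "example-cli", severity: "low", isDirect: true,
      via: [{ source: 1002, name: "example-cli", title: "ReDoS in argument parsing",
              url: "https://example.invalid/advisories/1002", severity: "low", range: "<1.4.2" }],
      range: "<1.4.2", fixAvailable: true,
    },
  },
};

// "Documented false positives": each accepted advisory carries a reason and
// an expiry so the decision is revisited instead of forgotten.
const ALLOWLIST = [
  { source: 1002, reason: "Argument parser never sees untrusted input in this service", expires: "2099-01-01" },
];

// `npm audit --json` exits non-zero whenever it finds vulnerabilities, so a
// promisified exec() rejects with the report still on err.stdout. Accept
// either the resolved { stdout } or the rejection error.
function reportFromExec(result) {
  const stdout = result && result.stdout;
  if (!stdout) {
    const why = result && result.message ? ": " + result.message : "";
    throw new Error("npm audit produced no JSON report" + why);
  }
  return JSON.parse(stdout);
}

// Flatten the report into one finding per (package, advisory). Transitive
// entries are skipped: their advisory is already counted on the root package.
function parseAuditReport(report) {
  const findings = [];
  for (const [pkg, vuln] of Object.entries(report.vulnerabilities || {})) {
    for (const via of vuln.via || []) {
      if (typeof via === "string") continue;
      findings.push({
        package: pkg, source: via.source, title: via.title, severity: via.severity,
        range: via.range, direct: Boolean(vuln.isDirect), fixAvailable: Boolean(vuln.fixAvailable),
      });
    }
  }
  return findings;
}

// An allowlist entry only counts while it has not expired.
function isAllowlisted(finding, allowlist, now) {
  return allowlist.some((e) => e.source === finding.source && new Date(e.expires) > now);
}

// Gate: fail when any non-allowlisted finding is at or above `threshold`.
// Findings below the threshold are returned as `tracked` so they are
// triaged rather than ignored.
function evaluateGate(report, { threshold = "high", allowlist = [], now = new Date() } = {}) {
  if (!(threshold in SEVERITY_RANK)) throw new Error("unknown severity threshold: " + threshold);
  const minRank = SEVERITY_RANK[threshold];
  const blocking = [], accepted = [], tracked = [];
  for (const f of parseAuditReport(report)) {
    if (isAllowlisted(f, allowlist, now)) accepted.push(f);
    else if (SEVERITY_RANK[f.severity] >= minRank) blocking.push(f);
    else tracked.push(f);
  }
  return { pass: blocking.length === 0, blocking, accepted, tracked };
}

// Stand-alone demo: simulate the rejected exec() and gate at "high".
const DEMO_REPORT = reportFromExec(
  Object.assign(new Error("Command failed: npm audit --json"), { code: 1, stdout: JSON.stringify(SAMPLE_AUDIT) })
);
const DEMO_GATE = evaluateGate(DEMO_REPORT, { threshold: "high", allowlist: ALLOWLIST });
console.log(JSON.stringify(DEMO_GATE, null, 2));
```

With the sample report and a `high` threshold the gate fails on advisory 1001 (the direct `example-parser` finding), accepts 1002 because the allowlist entry is still valid, and tracks nothing; raising the threshold to `critical` passes while still returning the high finding under `tracked`. Expired allowlist entries are ignored, so a forgotten exception resurfaces as a blocking finding on its own.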