when-auditing-security-use-security-analyzer by aiskillstore
Comprehensive security auditing across static analysis, dynamic testing, dependency vulnerabilities, secrets detection, and OWASP compliance
Content & Writing
85 Stars
2 Forks
Updated Jan 19, 2026, 04:39 AM
Why Use This
This skill provides specialized capabilities for aiskillstore's codebase.
Use Cases
- Developing new features in the aiskillstore repository
- Refactoring existing code to follow aiskillstore standards
- Understanding and working with aiskillstore's codebase structure
Install Guide
2 steps- 1
Skip this step if Ananke is already installed.
- 2
Skill Snapshot
Auto scan of skill assets. Informational only.
Valid SKILL.md
Checks against SKILL.md specification
Source & Community
Skill Stats
SKILL.md 819 Lines
Total Files 1
Total Size 0 B
License NOASSERTION
---
name: when-auditing-security-use-security-analyzer
version: 1.0.0
description: Comprehensive security auditing across static analysis, dynamic testing, dependency vulnerabilities, secrets detection, and OWASP compliance
agents:
- security-manager
- code-analyzer
- tester
complexity: HIGH
triggers:
- security audit
- vulnerability scan
- penetration test
- security review
- compliance check
categories:
- security
- testing
- compliance
coordination:
topology: hierarchical
pattern: sequential-with-gates
memory_patterns:
- swarm/security/findings
- swarm/security/vulnerabilities
- swarm/security/compliance
---
# Security Analyzer - Comprehensive Security Auditing Skill
## Overview
This skill provides multi-vector security analysis combining static code analysis, dynamic testing, dependency auditing, secrets detection, and OWASP Top 10 compliance checking. Uses coordinated agents with validation gates between phases.
## Architecture
```
Security Manager (Coordinator)
├─→ Phase 1: Static Analysis (Code Analyzer)
├─→ Phase 2: Dynamic Testing (Tester)
├─→ Phase 3: Dependency Audit (Security Manager)
├─→ Phase 4: Secrets Detection (Code Analyzer)
└─→ Phase 5: Compliance Check (Security Manager)
```
## Phase 1: Static Code Analysis
### Objective
Identify code-level vulnerabilities, security anti-patterns, and unsafe practices.
### Security Manager Setup
```bash
# Initialize security audit session
npx claude-flow@alpha hooks pre-task --description "Security static analysis initialization"
npx claude-flow@alpha hooks session-restore --session-id "security-audit-${DATE}"
# Set up memory namespace
npx claude-flow@alpha memory store \
--key "swarm/security/config" \
--value '{
"scan_type": "static",
"severity_threshold": "medium",
"frameworks": ["owasp", "cwe"],
"timestamp": "'$(date -Iseconds)'"
}'
```
### Code Analyzer Execution
```bash
# Spawn code analyzer agent for static analysis
# Agent performs:
# 1. SQL Injection Detection
npx claude-flow@alpha hooks pre-task --description "SQL injection vulnerability scan"
# Scan patterns:
# ❌ VULNERABLE:
# const query = "SELECT * FROM users WHERE id = " + userId;
# db.query("SELECT * FROM " + tableName);
#
# ✅ SECURE:
# const query = "SELECT * FROM users WHERE id = ?";
# db.query(query, [userId]);
grep -rn "\.query\|\.exec" --include="*.js" --include="*.ts" . | \
grep -v "?" | grep -v "\$[0-9]" > /tmp/sql-findings.txt
# 2. XSS Vulnerability Detection
# ❌ VULNERABLE:
# element.innerHTML = userInput;
# eval(userInput);
# new Function(userInput)();
#
# ✅ SECURE:
# element.textContent = userInput;
# JSON.parse(sanitizedInput);
grep -rn "innerHTML\|eval\|new Function" --include="*.js" --include="*.jsx" . > /tmp/xss-findings.txt
# 3. Path Traversal Detection
# ❌ VULNERABLE:
# fs.readFile(userPath);
# require(userInput);
#
# ✅ SECURE:
# const safePath = path.join(baseDir, path.normalize(userPath));
# if (!safePath.startsWith(baseDir)) throw new Error('Invalid path');
grep -rn "readFile\|writeFile\|require.*\+" --include="*.js" . > /tmp/path-traversal-findings.txt
# 4. Insecure Cryptography
# ❌ VULNERABLE:
# crypto.createHash('md5');
# crypto.createCipher('des', key);
#
# ✅ SECURE:
# crypto.createHash('sha256');
# crypto.createCipheriv('aes-256-gcm', key, iv);
grep -rn "md5\|sha1\|des\|rc4" --include="*.js" --include="*.ts" . > /tmp/crypto-findings.txt
# Store findings in memory
npx claude-flow@alpha memory store \
--key "swarm/security/static-analysis" \
--value "$(cat /tmp/*-findings.txt | jq -Rs '{findings: ., timestamp: now}')"
npx claude-flow@alpha hooks post-task --task-id "static-analysis"
```
### Validation Gate 1
```bash
# Check if critical vulnerabilities found
CRITICAL_COUNT=$(cat /tmp/*-findings.txt | grep -c ".")
if [ "$CRITICAL_COUNT" -gt 0 ]; then
echo "⚠️ GATE FAILED: $CRITICAL_COUNT potential vulnerabilities found"
npx claude-flow@alpha hooks notify --message "Static analysis found $CRITICAL_COUNT issues - review required"
# Continue but flag for review
fi
```
## Phase 2: Dynamic Security Testing
### Objective
Runtime vulnerability detection through active testing and fuzzing.
### Tester Agent Execution
```bash
npx claude-flow@alpha hooks pre-task --description "Dynamic security testing"
# 1. Authentication Bypass Testing
cat > /tmp/auth-test.js << 'EOF'
// Test suite for authentication vulnerabilities
const axios = require('axios');
async function testAuthBypass() {
const tests = [
// SQL Injection in auth
{ username: "admin'--", password: "anything" },
{ username: "admin' OR '1'='1", password: "" },
// JWT manipulation
{ token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0..." }, // None algorithm
// Session fixation
{ session: "../../admin-session" },
// NoSQL injection
{ username: { "$ne": null }, password: { "$ne": null } }
];
const vulnerabilities = [];
for (const test of tests) {
try {
const response = await axios.post('http://localhost:3000/login', test);
if (response.status === 200) {
vulnerabilities.push({
type: 'AUTH_BYPASS',
severity: 'CRITICAL',
payload: test,
description: 'Authentication bypass successful'
});
}
} catch (e) {
// Expected - auth failed
}
}
return vulnerabilities;
}
module.exports = { testAuthBypass };
EOF
# 2. CSRF Testing
cat > /tmp/csrf-test.js << 'EOF'
async function testCSRF() {
const response = await axios.post('http://localhost:3000/api/transfer', {
to: 'attacker',
amount: 1000
}, {
headers: {
'Origin': 'http://evil.com',
'Referer': 'http://evil.com'
}
});
// Should be rejected without CSRF token
if (response.status === 200) {
return {
type: 'CSRF',
severity: 'HIGH',
description: 'Missing CSRF protection on state-changing operation'
};
}
}
EOF
# 3. Rate Limiting Test
cat > /tmp/rate-limit-test.js << 'EOF'
async function testRateLimit() {
const requests = [];
for (let i = 0; i < 1000; i++) {
requests.push(axios.get('http://localhost:3000/api/data'));
}
const responses = await Promise.all(requests);
const successCount = responses.filter(r => r.status === 200).length;
if (successCount > 100) {
return {
type: 'NO_RATE_LIMIT',
severity: 'MEDIUM',
description: `No rate limiting detected - ${successCount}/1000 requests succeeded`
};
}
}
EOF
# Execute dynamic tests
node /tmp/auth-test.js > /tmp/dynamic-findings.json
node /tmp/csrf-test.js >> /tmp/dynamic-findings.json
node /tmp/rate-limit-test.js >> /tmp/dynamic-findings.json
npx claude-flow@alpha memory store \
--key "swarm/security/dynamic-testing" \
--value "$(cat /tmp/dynamic-findings.json)"
npx claude-flow@alpha hooks post-task --task-id "dynamic-testing"
```
### Validation Gate 2
```bash
CRITICAL_RUNTIME=$(jq '[.[] | select(.severity == "CRITICAL")] | length' /tmp/dynamic-findings.json)
if [ "$CRITICAL_RUNTIME" -gt 0 ]; then
echo "🚨 GATE FAILED: $CRITICAL_RUNTIME critical runtime vulnerabilities"
exit 1 # Hard stop for critical runtime issues
fi
```
## Phase 3: Dependency Security Audit
### Objective
Identify known vulnerabilities (CVEs) in dependencies and supply chain risks.
### Security Manager Execution
```bash
npx claude-flow@alpha hooks pre-task --description "Dependency vulnerability scan"
# 1. NPM Audit
npm audit --json > /tmp/npm-audit.json 2>&1 || true
# 2. Check for outdated packages with known vulnerabilities
npm outdated --json > /tmp/outdated.json 2>&1 || true
# 3. License compliance check
npx license-checker --json > /tmp/licenses.json 2>&1 || true
# 4. Check for malicious packages (typosquatting)
cat package.json | jq -r '.dependencies | keys[]' | while read pkg; do
# Check against known malicious package database
if grep -q "$pkg" /tmp/malicious-packages.txt 2>/dev/null; then
echo "⚠️ MALICIOUS PACKAGE DETECTED: $pkg"
fi
done > /tmp/malicious-check.txt
# 5. SBOM (Software Bill of Materials) generation
npx @cyclonedx/cyclonedx-npm --output-file /tmp/sbom.json
# Analyze CVE severity
jq '{
critical: [.vulnerabilities | to_entries[] | select(.value.severity == "critical")],
high: [.vulnerabilities | to_entries[] | select(.value.severity == "high")],
moderate: [.vulnerabilities | to_entries[] | select(.value.severity == "moderate")],
low: [.vulnerabilities | to_entries[] | select(.value.severity == "low")],
total: .metadata.vulnerabilities
}' /tmp/npm-audit.json > /tmp/dependency-summary.json
npx claude-flow@alpha memory store \
--key "swarm/security/dependencies" \
--value "$(cat /tmp/dependency-summary.json)"
npx claude-flow@alpha hooks post-task --task-id "dependency-audit"
```
### Validation Gate 3
```bash
CRITICAL_DEPS=$(jq '.critical | length' /tmp/dependency-summary.json)
HIGH_DEPS=$(jq '.high | length' /tmp/dependency-summary.json)
if [ "$CRITICAL_DEPS" -gt 0 ]; then
echo "🚨 GATE FAILED: $CRITICAL_DEPS critical dependency vulnerabilities"
npx claude-flow@alpha hooks notify --message "Critical CVEs detected in dependencies"
exit 1
fi
if [ "$HIGH_DEPS" -gt 5 ]; then
echo "⚠️ WARNING: $HIGH_DEPS high-severity dependency vulnerabilities"
fi
```
## Phase 4: Secrets Detection
### Objective
Identify exposed secrets, API keys, credentials, and sensitive data.
### Code Analyzer Execution
```bash
npx claude-flow@alpha hooks pre-task --description "Secrets and credentials detection"
# 1. Pattern-based secret detection
cat > /tmp/secret-patterns.txt << 'EOF'
# API Keys
AKIA[0-9A-Z]{16} # AWS Access Key
AIza[0-9A-Za-z_-]{35} # Google API Key
[REDACTED-EXAMPLE-PATTERN] # Stripe Secret Key pattern
xox[baprs]-[0-9]{10,12}-[0-9]{10,12}-[a-zA-Z0-9]{24} # Slack Token
# Passwords
password\s*=\s*['"]\w+['"]
api_key\s*=\s*['"]\w+['"]
secret\s*=\s*['"]\w+['"]
# Private Keys
-----BEGIN (RSA|DSA|EC|OPENSSH) PRIVATE KEY-----
# Database Credentials
(mongodb|postgres|mysql):\/\/[^:]+:[^@]+@
# JWT Tokens
eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}
EOF
# Scan codebase
grep -rEn -f /tmp/secret-patterns.txt \
--include="*.js" --include="*.ts" --include="*.json" --include="*.yaml" --include="*.env*" \
--exclude-dir=node_modules --exclude-dir=.git \
. > /tmp/secrets-found.txt 2>&1 || true
# 2. Entropy-based detection (random strings likely to be secrets)
find . -type f \( -name "*.js" -o -name "*.ts" -o -name "*.json" \) \
-not -path "*/node_modules/*" -not -path "*/.git/*" \
-exec grep -Eon '[A-Za-z0-9+/]{40,}' {} \; | \
awk 'length($0) > 40' > /tmp/high-entropy-strings.txt
# 3. Environment variable exposure check
grep -rn "process\.env\." --include="*.js" --include="*.ts" . | \
grep -v "process\.env\.NODE_ENV" | \
grep -v "\/\/" > /tmp/env-usage.txt
# 4. Hardcoded IP addresses and URLs
grep -rEon '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' \
--include="*.js" --include="*.ts" --include="*.json" \
. > /tmp/hardcoded-ips.txt
# Generate report
cat > /tmp/secrets-report.json << EOF
{
"secrets_found": $(wc -l < /tmp/secrets-found.txt),
"high_entropy_strings": $(wc -l < /tmp/high-entropy-strings.txt),
"env_exposures": $(wc -l < /tmp/env-usage.txt),
"hardcoded_ips": $(wc -l < /tmp/hardcoded-ips.txt),
"findings": $(cat /tmp/secrets-found.txt | jq -Rs 'split("\n") | map(select(length > 0))')
}
EOF
npx claude-flow@alpha memory store \
--key "swarm/security/secrets" \
--value "$(cat /tmp/secrets-report.json)"
npx claude-flow@alpha hooks post-task --task-id "secrets-detection"
```
### Validation Gate 4
```bash
SECRETS_COUNT=$(jq '.secrets_found' /tmp/secrets-report.json)
if [ "$SECRETS_COUNT" -gt 0 ]; then
echo "🚨 GATE FAILED: $SECRETS_COUNT potential secrets detected"
echo "Review findings in /tmp/secrets-found.txt"
exit 1
fi
```
## Phase 5: OWASP Top 10 Compliance Check
### Objective
Verify compliance with OWASP Top 10 security standards.
### Security Manager Execution
```bash
npx claude-flow@alpha hooks pre-task --description "OWASP Top 10 compliance audit"
# OWASP Top 10 2021 Checklist
cat > /tmp/owasp-compliance.json << 'EOF'
{
"A01:2021-Broken_Access_Control": {
"checks": [
"Authorization checks on all endpoints",
"IDOR prevention",
"CORS properly configured",
"Directory listing disabled"
],
"status": "pending"
},
"A02:2021-Cryptographic_Failures": {
"checks": [
"No sensitive data in transit without TLS",
"Strong encryption algorithms (AES-256, SHA-256+)",
"Secure key management",
"No hardcoded secrets"
],
"status": "pending"
},
"A03:2021-Injection": {
"checks": [
"Parameterized queries for SQL",
"Input validation and sanitization",
"No eval() or dangerous functions",
"NoSQL injection prevention"
],
"status": "pending"
},
"A04:2021-Insecure_Design": {
"checks": [
"Threat modeling performed",
"Security requirements documented",
"Secure coding patterns used",
"Defense in depth implemented"
],
"status": "pending"
},
"A05:2021-Security_Misconfiguration": {
"checks": [
"Default credentials changed",
"Unnecessary features disabled",
"Security headers configured",
"Error messages don't leak info"
],
"status": "pending"
},
"A06:2021-Vulnerable_Components": {
"checks": [
"All dependencies up to date",
"No known CVEs in dependencies",
"SBOM maintained",
"Regular security scanning"
],
"status": "pending"
},
"A07:2021-Auth_AuthZ_Failures": {
"checks": [
"Strong password policy",
"MFA available",
"Session management secure",
"No credential stuffing vulnerability"
],
"status": "pending"
},
"A08:2021-Software_Data_Integrity": {
"checks": [
"CI/CD pipeline secured",
"Code signing implemented",
"Integrity verification",
"No untrusted deserialization"
],
"status": "pending"
},
"A09:2021-Logging_Monitoring_Failures": {
"checks": [
"Security events logged",
"Log aggregation configured",
"Alerting set up",
"Audit trails maintained"
],
"status": "pending"
},
"A10:2021-SSRF": {
"checks": [
"URL validation on user input",
"Network segmentation",
"Whitelist for external requests",
"No blind SSRF vulnerabilities"
],
"status": "pending"
}
}
EOF
# Automated compliance checks
# A01: Access Control
if grep -rq "req\.user\|req\.session" --include="*.js" .; then
if grep -rq "if.*\.role\|authorize\|checkPermission" --include="*.js" .; then
jq '.["A01:2021-Broken_Access_Control"].status = "pass"' /tmp/owasp-compliance.json > /tmp/owasp-temp.json
mv /tmp/owasp-temp.json /tmp/owasp-compliance.json
else
jq '.["A01:2021-Broken_Access_Control"].status = "fail"' /tmp/owasp-compliance.json > /tmp/owasp-temp.json
mv /tmp/owasp-temp.json /tmp/owasp-compliance.json
fi
fi
# A02: Cryptographic Failures (check from Phase 1 findings)
if [ ! -s /tmp/crypto-findings.txt ]; then
jq '.["A02:2021-Cryptographic_Failures"].status = "pass"' /tmp/owasp-compliance.json > /tmp/owasp-temp.json
mv /tmp/owasp-temp.json /tmp/owasp-compliance.json
else
jq '.["A02:2021-Cryptographic_Failures"].status = "fail"' /tmp/owasp-compliance.json > /tmp/owasp-temp.json
mv /tmp/owasp-temp.json /tmp/owasp-compliance.json
fi
# A03: Injection (check from Phase 1 findings)
if [ ! -s /tmp/sql-findings.txt ] && [ ! -s /tmp/xss-findings.txt ]; then
jq '.["A03:2021-Injection"].status = "pass"' /tmp/owasp-compliance.json > /tmp/owasp-temp.json
mv /tmp/owasp-temp.json /tmp/owasp-compliance.json
else
jq '.["A03:2021-Injection"].status = "fail"' /tmp/owasp-compliance.json > /tmp/owasp-temp.json
mv /tmp/owasp-temp.json /tmp/owasp-compliance.json
fi
# A05: Security Misconfiguration
if grep -rq "helmet\|cors" package.json; then
jq '.["A05:2021-Security_Misconfiguration"].status = "pass"' /tmp/owasp-compliance.json > /tmp/owasp-temp.json
mv /tmp/owasp-temp.json /tmp/owasp-compliance.json
fi
# A06: Vulnerable Components (from Phase 3)
if [ "$(jq '.critical | length' /tmp/dependency-summary.json)" -eq 0 ]; then
jq '.["A06:2021-Vulnerable_Components"].status = "pass"' /tmp/owasp-compliance.json > /tmp/owasp-temp.json
mv /tmp/owasp-temp.json /tmp/owasp-compliance.json
else
jq '.["A06:2021-Vulnerable_Components"].status = "fail"' /tmp/owasp-compliance.json > /tmp/owasp-temp.json
mv /tmp/owasp-temp.json /tmp/owasp-compliance.json
fi
# Generate compliance score
TOTAL_CHECKS=$(jq '[.[].status] | length' /tmp/owasp-compliance.json)
PASSED_CHECKS=$(jq '[.[].status | select(. == "pass")] | length' /tmp/owasp-compliance.json)
COMPLIANCE_SCORE=$(echo "scale=2; $PASSED_CHECKS / $TOTAL_CHECKS * 100" | bc)
jq ". + {compliance_score: $COMPLIANCE_SCORE, total_checks: $TOTAL_CHECKS, passed: $PASSED_CHECKS}" \
/tmp/owasp-compliance.json > /tmp/owasp-final.json
npx claude-flow@alpha memory store \
--key "swarm/security/owasp-compliance" \
--value "$(cat /tmp/owasp-final.json)"
npx claude-flow@alpha hooks post-task --task-id "owasp-compliance"
```
### Validation Gate 5
```bash
COMPLIANCE_SCORE=$(jq '.compliance_score' /tmp/owasp-final.json)
if (( $(echo "$COMPLIANCE_SCORE < 70" | bc -l) )); then
echo "🚨 GATE FAILED: OWASP compliance score $COMPLIANCE_SCORE% (minimum 70%)"
exit 1
fi
echo "✅ OWASP Compliance: $COMPLIANCE_SCORE%"
```
## Final Report Generation
```bash
# Consolidate all findings
cat > /tmp/security-audit-report.json << EOF
{
"timestamp": "$(date -Iseconds)",
"summary": {
"static_analysis": $(cat /tmp/*-findings.txt | wc -l),
"dynamic_vulnerabilities": $(jq 'length' /tmp/dynamic-findings.json 2>/dev/null || echo 0),
"dependency_cves": $(jq '.total' /tmp/dependency-summary.json 2>/dev/null || echo 0),
"secrets_exposed": $(jq '.secrets_found' /tmp/secrets-report.json 2>/dev/null || echo 0),
"owasp_compliance": $(jq '.compliance_score' /tmp/owasp-final.json 2>/dev/null || echo 0)
},
"details": {
"static_analysis": $(npx claude-flow@alpha memory retrieve --key "swarm/security/static-analysis"),
"dynamic_testing": $(npx claude-flow@alpha memory retrieve --key "swarm/security/dynamic-testing"),
"dependencies": $(npx claude-flow@alpha memory retrieve --key "swarm/security/dependencies"),
"secrets": $(npx claude-flow@alpha memory retrieve --key "swarm/security/secrets"),
"owasp": $(npx claude-flow@alpha memory retrieve --key "swarm/security/owasp-compliance")
},
"recommendations": []
}
EOF
# Generate markdown report
cat > /tmp/SECURITY-AUDIT-REPORT.md << 'EOF'
# Security Audit Report
**Generated:** $(date)
**Scan Duration:** [calculated from hooks]
## Executive Summary
| Metric | Count | Status |
|--------|-------|--------|
| Static Vulnerabilities | $(cat /tmp/*-findings.txt | wc -l) | $([ $(cat /tmp/*-findings.txt | wc -l) -eq 0 ] && echo "✅ PASS" || echo "⚠️ REVIEW") |
| Runtime Vulnerabilities | $(jq 'length' /tmp/dynamic-findings.json) | $([ $(jq 'length' /tmp/dynamic-findings.json) -eq 0 ] && echo "✅ PASS" || echo "🚨 FAIL") |
| Dependency CVEs | $(jq '.total' /tmp/dependency-summary.json) | $([ $(jq '.critical | length' /tmp/dependency-summary.json) -eq 0 ] && echo "✅ PASS" || echo "🚨 FAIL") |
| Exposed Secrets | $(jq '.secrets_found' /tmp/secrets-report.json) | $([ $(jq '.secrets_found' /tmp/secrets-report.json) -eq 0 ] && echo "✅ PASS" || echo "🚨 FAIL") |
| OWASP Compliance | $(jq '.compliance_score' /tmp/owasp-final.json)% | $([ $(echo "$(jq '.compliance_score' /tmp/owasp-final.json) >= 70" | bc) -eq 1 ] && echo "✅ PASS" || echo "🚨 FAIL") |
## Detailed Findings
### 1. Static Code Analysis
[Detailed findings from /tmp/*-findings.txt]
### 2. Dynamic Security Testing
[Detailed findings from /tmp/dynamic-findings.json]
### 3. Dependency Vulnerabilities
[Detailed findings from /tmp/dependency-summary.json]
### 4. Secrets Detection
[Detailed findings from /tmp/secrets-report.json]
### 5. OWASP Top 10 Compliance
[Detailed findings from /tmp/owasp-final.json]
## Recommendations
1. **Critical Priority:**
- Fix all critical runtime vulnerabilities immediately
- Remove exposed secrets from codebase
- Update dependencies with critical CVEs
2. **High Priority:**
- Address SQL injection vulnerabilities
- Implement missing authentication checks
- Configure security headers
3. **Medium Priority:**
- Improve OWASP compliance score
- Add rate limiting
- Enhance logging and monitoring
## Remediation Guide
[Specific code examples and fixes for each vulnerability type]
EOF
# Store final report
npx claude-flow@alpha memory store \
--key "swarm/security/final-report" \
--value "$(cat /tmp/security-audit-report.json)"
# End session
npx claude-flow@alpha hooks session-end --export-metrics true
echo "✅ Security audit complete. Report: /tmp/SECURITY-AUDIT-REPORT.md"
```
## Usage Examples
### Full Security Audit
```bash
npx claude-flow@alpha skill run when-auditing-security-use-security-analyzer
```
### Specific Phase
```bash
npx claude-flow@alpha skill run when-auditing-security-use-security-analyzer --phase static-analysis
npx claude-flow@alpha skill run when-auditing-security-use-security-analyzer --phase secrets-detection
```
### Custom Configuration
```bash
npx claude-flow@alpha skill run when-auditing-security-use-security-analyzer \
--config '{
"severity_threshold": "high",
"skip_phases": ["dynamic-testing"],
"frameworks": ["owasp", "cwe", "sans-25"]
}'
```
## Memory Patterns
This skill uses hierarchical memory storage:
```
swarm/security/
├─ config # Scan configuration
├─ static-analysis # Phase 1 findings
├─ dynamic-testing # Phase 2 findings
├─ dependencies # Phase 3 findings
├─ secrets # Phase 4 findings
├─ owasp-compliance # Phase 5 findings
└─ final-report # Consolidated report
```
## Real-World Examples
### Example 1: SQL Injection Found
```javascript
// ❌ VULNERABLE CODE DETECTED:
app.get('/user', (req, res) => {
const query = `SELECT * FROM users WHERE id = ${req.query.id}`;
db.query(query, (err, results) => {
res.json(results);
});
});
// ✅ RECOMMENDED FIX:
app.get('/user', (req, res) => {
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [req.query.id], (err, results) => {
if (err) return res.status(500).json({ error: 'Database error' });
res.json(results);
});
});
```
### Example 2: Exposed API Key
```javascript
// ❌ VULNERABLE CODE DETECTED:
const apiKey = 'EXAMPLE_REDACTED_NOT_REAL_KEY';
axios.get('https://api.stripe.com/v1/charges', {
headers: { 'Authorization': `Bearer ${apiKey}` }
});
// ✅ RECOMMENDED FIX:
const apiKey = process.env.STRIPE_SECRET_KEY;
if (!apiKey) throw new Error('STRIPE_SECRET_KEY not configured');
axios.get('https://api.stripe.com/v1/charges', {
headers: { 'Authorization': `Bearer ${apiKey}` }
});
```
### Example 3: Missing Authorization
```javascript
// ❌ VULNERABLE CODE DETECTED:
app.delete('/api/users/:id', (req, res) => {
User.findByIdAndDelete(req.params.id)
.then(() => res.json({ success: true }))
.catch(err => res.status(500).json({ error: err.message }));
});
// ✅ RECOMMENDED FIX:
app.delete('/api/users/:id', authenticate, authorize('admin'), (req, res) => {
// Verify user can only delete their own account or is admin
if (req.user.id !== req.params.id && req.user.role !== 'admin') {
return res.status(403).json({ error: 'Forbidden' });
}
User.findByIdAndDelete(req.params.id)
.then(() => res.json({ success: true }))
.catch(err => res.status(500).json({ error: err.message }));
});
```
## Performance Metrics
- **Static Analysis:** ~30-60 seconds for 10k LOC
- **Dynamic Testing:** ~2-5 minutes with server startup
- **Dependency Audit:** ~10-20 seconds
- **Secrets Detection:** ~15-30 seconds for 10k LOC
- **OWASP Compliance:** ~5-10 seconds
**Total Duration:** ~5-10 minutes for comprehensive audit
## Integration with CI/CD
```yaml
# .github/workflows/security-audit.yml
name: Security Audit
on: [push, pull_request]
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
- run: npm ci
- run: npx claude-flow@alpha skill run when-auditing-security-use-security-analyzer
- uses: actions/upload-artifact@v3
with:
name: security-report
path: /tmp/SECURITY-AUDIT-REPORT.md
```
## Exit Codes
- `0` - All checks passed
- `1` - Critical vulnerabilities found (hard stop)
- `2` - High-severity issues found (warning)
- `3` - Configuration error
- `4` - Scan incomplete
## Support
For issues or questions about this skill:
1. Check `/tmp/security-audit-report.json` for detailed diagnostics
2. Review memory at `swarm/security/*` for intermediate results
3. Consult OWASP documentation for specific vulnerability types
Name Size