### Install and Register Shield Plugin Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt Instructions for cloning the repository, running the automated installer, and registering the tool as a Claude Code plugin. ```bash git clone https://github.com/alissonlinneker/shield-claude-skill.git cd shield-claude-skill chmod +x install.sh ./install.sh /plugin marketplace add /path/to/shield-claude-skill /plugin install shield@shield-security ``` -------------------------------- ### Install and Register Shield Claude Skill Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/README.md Commands to install the skill via an automated script, manually manage dependencies, or register the plugin within the Claude Code environment. ```bash git clone https://github.com/alissonlinneker/shield-claude-skill.git cd shield-claude-skill chmod +x install.sh ./install.sh ``` ```bash # macOS (Homebrew) brew install semgrep gitleaks trivy jq # Linux (pip + apt) pip install semgrep pip-audit apt install gitleaks jq apt install trivy ``` ```bash # Plugin Registration /plugin marketplace add alissonlinneker/shield-claude-skill /plugin install shield@shield-security /plugin list ``` -------------------------------- ### Install and Configure Shield Plugin Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/README.md Instructions for setting up the Shield security plugin within the Claude Code environment. This includes cloning the repository, installing dependencies, and registering the plugin for use. ```bash # 1. Clone and install security tools git clone https://github.com/alissonlinneker/shield-claude-skill.git cd shield-claude-skill && ./install.sh # 2. Register the marketplace in Claude Code (run inside Claude Code) /plugin marketplace add /path/to/shield-claude-skill # 3. Install the plugin /plugin install shield@shield-security # 4. Open any project and run /shield:shield ``` ```bash claude --plugin-dir /path/to/shield-claude-skill # Then inside Claude Code: /shield:shield ``` -------------------------------- ### Run Single Test Suite with Bash Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/CLAUDE.md Runs a specific unit test suite for the Shield skill, focusing on the 'detect-stack' functionality. This allows for targeted testing of individual components. ```bash #!/usr/bin/env bash bash tests/test-detect-stack.sh ``` -------------------------------- ### Run Tests via npm Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/CLAUDE.md Initiates the test execution for the Shield skill using npm (Node Package Manager). This command relies on the test scripts defined in the project's package.json file. ```bash #!/usr/bin/env bash npm test ``` -------------------------------- ### Validate Security Tool Prerequisites Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt Executes a check on the environment to ensure required security tools like Semgrep and Gitleaks are installed and available. ```bash ./scripts/check-prereqs.sh ``` -------------------------------- ### Run All Tests with Bash Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/CLAUDE.md Executes all unit tests for the Shield skill using a bash script. This command is part of the testing suite designed to ensure the integrity of the security tool integrations. ```bash #!/usr/bin/env bash bash tests/run-tests.sh ``` -------------------------------- ### Run Shannon Autonomous Penetration Testing Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt The `run-shannon.sh` script orchestrates autonomous penetration testing using Shannon. It manages workflows and collects reports. Key parameters include the Shannon installation path, target URL, repository name, configuration file, and output directory. Progress is reported to stderr, and the final report path is returned to stdout. ```bash # Run Shannon pentest against a target ./scripts/run-shannon.sh \ --shannon-path ~/shannon \ --url https://staging.example.com \ --repo my-app \ --config configs/shannon-templates/web-app.yaml \ --output-dir /tmp/shield-reports # Example progress output (stderr): # [Shannon] Starting scan... # [Shannon] URL: https://staging.example.com # [Shannon] Repo: my-app # [Shannon] Config: configs/shannon-templates/web-app.yaml # [Shannon] Workflow ID: abc123 # [Shannon] Progress: 25% (scanning) # [Shannon] Progress: 50% (exploiting) # [Shannon] Progress: 75% (reporting) # [Shannon] Scan completed! # [Shannon] Report saved to: /tmp/shield-reports/shannon-report-20240115-143022.json # Returns report path to stdout: # /tmp/shield-reports/shannon-report-20240115-143022.json ``` -------------------------------- ### Calculate Security Risk Score Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/README.md Mathematical examples demonstrating how the Shield skill calculates the security risk score based on weighted penalties for findings. ```text Score = max(0, 100 - Penalties) # Example A 100 - (1x15 + 5x8 + 2x3) = 39/100 (CRITICAL RISK) # Example B 100 - (0 + 2x8 + 4x3 + 3x1) = 69/100 (HIGH RISK) ``` -------------------------------- ### Gitleaks Hardcoded Secret Detection Example Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt This JSON output represents findings from Gitleaks, a tool that detects hardcoded secrets in code repositories. It includes details such as severity, title, file, line number, and the detected secret snippet. The example shows a critical finding for a hardcoded AWS access key ID. ```json { "tool": "gitleaks", "findings": [ { "severity": "CRITICAL", "title": "Hardcoded secret: aws-access-key-id", "description": "Secret detected by rule: aws-access-key-id", "file": "config/production.js", "line": 12, "end_line": 12, "column": 5, "code_snippet": "AKIA****REDACTED****XYZ", "rule_id": "aws-access-key-id", "entropy": 4.5, "commit": "abc123def456", "author": "developer@example.com", "date": "2024-01-15", "cwe": "CWE-798", "owasp": "A02:2021", "source_tool": "gitleaks", "tags": ["secrets", "hardcoded-credentials"] } ], "summary": { "total": 1, "by_rule": {"aws-access-key-id": 1} } } ``` -------------------------------- ### Custom Semgrep Rules for JavaScript/TypeScript Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt These custom Semgrep rules are designed to detect common security vulnerabilities in JavaScript and TypeScript code. The provided examples focus on identifying potential SQL injection through string concatenation or template literals and Cross-Site Scripting (XSS) vulnerabilities related to innerHTML assignments. These rules help in proactively identifying and mitigating security risks. ```yaml # configs/semgrep-rules/javascript.yaml # Example: SQL Injection detection rule rules: - id: js-sql-injection-concatenation patterns: - pattern-either: - pattern: | $DB.query("..." + $INPUT + "...", ...) - pattern: | $DB.query(`...${$INPUT}...`, ...) - pattern: | $DB.execute("..." + $INPUT + "...", ...) - pattern: | $DB.execute(`...${$INPUT}...`, ...) message: > SQL query built with string concatenation or template literals. Use parameterized queries instead. severity: ERROR languages: [javascript, typescript] metadata: cwe: "CWE-89" owasp: "A03:2021 Injection" confidence: HIGH impact: CRITICAL category: security # Example: XSS detection rule - id: js-xss-innerhtml patterns: - pattern: | $EL.innerHTML = $INPUT - pattern-not: | $EL.innerHTML = "..." message: > Setting innerHTML with dynamic content can lead to XSS. Use textContent or a sanitization library such as DOMPurify. severity: WARNING languages: [javascript, typescript] metadata: cwe: "CWE-79" owasp: "A03:2021 Injection" ``` -------------------------------- ### Shannon Pentest Templates for Web Applications Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt These YAML templates provide pre-configured settings for penetration testing various application architectures using the Shannon tool. The 'web-app.yaml' template is tailored for server-rendered applications like Express, Django, or Laravel, defining authentication methods, crawl depth, and common attack vectors. The 'api-only.yaml' template is designed for headless APIs and microservices, specifying API discovery methods and relevant attack types. ```yaml # configs/shannon-templates/web-app.yaml # For server-rendered web applications (Express, Django, Laravel, Rails) name: web-app-pentest target_type: web_application authentication: enabled: true method: session_cookie crawl: max_depth: 5 follow_redirects: true respect_robots_txt: false attacks: - sql_injection - xss_reflected - xss_stored - path_traversal - command_injection - ssrf - authentication_bypass # configs/shannon-templates/api-only.yaml # For headless APIs and microservices name: api-pentest target_type: api authentication: enabled: true method: bearer_token header: Authorization endpoints: discovery: openapi openapi_path: /api/docs attacks: - sql_injection - nosql_injection - idor - mass_assignment - rate_limiting - jwt_vulnerabilities ``` -------------------------------- ### Detect Project Technology Stack Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt Analyzes a project directory to identify programming languages, frameworks, package managers, and infrastructure configurations like Docker. ```bash ./scripts/detect-stack.sh . ``` -------------------------------- ### Run Static Analysis (SAST) Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt Executes Semgrep-based static analysis on specific project directories for defined languages, outputting normalized JSON findings. ```bash ./scripts/run-sast.sh /path/to/project javascript ./scripts/run-sast.sh /path/to/project python ./scripts/run-sast.sh /path/to/project php ``` -------------------------------- ### Complete Security Assessment Workflow (Bash) Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt This Bash script outlines a full end-to-end security assessment workflow using Shield. It includes steps for checking prerequisites, detecting the technology stack, running various security scanners in parallel, consolidating findings, and calculating a security score. ```bash #!/bin/bash # Full Shield security assessment workflow PROJECT_PATH="/path/to/your/project" OUTPUT_DIR="/tmp/shield-scan-$(date +%Y%m%d)" mkdir -p "$OUTPUT_DIR" # Step 1: Check prerequisites echo "Checking prerequisites..." ./scripts/check-prereqs.sh > "$OUTPUT_DIR/prereqs.json" # Step 2: Detect technology stack echo "Detecting stack..." STACK=$(./scripts/detect-stack.sh "$PROJECT_PATH") echo "$STACK" > "$OUTPUT_DIR/stack.json" # Extract values for subsequent steps LANGUAGE=$(echo "$STACK" | jq -r '.languages[0]') PKG_MANAGER=$(echo "$STACK" | jq -r '.package_manager') # Step 3: Run all scanners in parallel echo "Running security scanners..." # SAST ./scripts/run-sast.sh "$PROJECT_PATH" "$LANGUAGE" \ > "$OUTPUT_DIR/sast.json" 2>/dev/null & SAST_PID=$! # Secrets ./scripts/run-secrets.sh "$PROJECT_PATH" \ > "$OUTPUT_DIR/secrets.json" 2>/dev/null & SECRETS_PID=$! # SCA ./scripts/run-sca.sh "$PROJECT_PATH" "$PKG_MANAGER" \ > "$OUTPUT_DIR/sca.json" 2>/dev/null & SCA_PID=$! # Outdated check ./scripts/run-outdated.sh "$PROJECT_PATH" "$PKG_MANAGER" \ > "$OUTPUT_DIR/outdated.json" 2>/dev/null & OUTDATED_PID=$! # Wait for all scanners wait $SAST_PID $SECRETS_PID $SCA_PID $OUTDATED_PID # Step 4: Consolidate findings echo "Consolidating findings..." ./scripts/consolidate.sh \ "$OUTPUT_DIR/sast.json" \ "$OUTPUT_DIR/secrets.json" \ "$OUTPUT_DIR/sca.json" \ > "$OUTPUT_DIR/consolidated.json" # Step 5: Calculate security score echo "Calculating security score..." ./scripts/calculate-score.sh "$OUTPUT_DIR/consolidated.json" \ > "$OUTPUT_DIR/score.json" # Display results SCORE=$(jq -r '.score' "$OUTPUT_DIR/score.json") RISK=$(jq -r '.risk_level' "$OUTPUT_DIR/score.json") TOTAL=$(jq -r '.total_findings' "$OUTPUT_DIR/score.json") echo "" echo "==========================================" echo "Security Score: $SCORE/100 — $RISK RISK" echo "Total Findings: $TOTAL" echo "Report saved to: $OUTPUT_DIR" echo "==========================================" ``` -------------------------------- ### Node.js Project Quick Scan Report Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/README.md This snippet shows the output of a quick security scan on a Node.js project using JavaScript and TypeScript. It details the detected stack, security score, vulnerability counts by severity, top findings with remediation advice, and a summary of outdated dependencies. ```text Stack detected: JavaScript, TypeScript, Next.js, React (pnpm) Security Score: 0/100 — CRITICAL RISK [ ] 0/100 | Severity | Count | |----------|-------| | CRITICAL | 1 | | HIGH | 20 | | MEDIUM | 5 | | LOW | 3 | Top findings: [CRITICAL] SHIELD-001: fast-xml-parser regex injection bypass (CWE-185) Package: fast-xml-parser | Fix: Update to 4.4.1+ [HIGH] SHIELD-002: brace-expansion ReDoS (CWE-1333) Package: brace-expansion | Fix: Update to 2.0.1+ [HIGH] SHIELD-003: tar hardlink path traversal (CWE-22) Package: tar | Fix: Update to 6.2.1+ [HIGH] SHIELD-004: micromatch ReDoS via recursive patterns (CWE-1333) Package: micromatch | Fix: Update to 4.0.8+ Outdated dependencies: 47 packages behind latest MAJOR: 12 packages (breaking changes, potential security risk) MINOR: 18 packages (may include security fixes) PATCH: 17 packages (bug fixes, security patches) ``` -------------------------------- ### Vulnerability Proof of Concept Template Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/templates/issue.md A placeholder block used to demonstrate the reproduction steps for a detected security vulnerability. It is conditionally rendered based on the availability of POC data. ```text {{#if POC}} ### Proof of Concept ``` {{POC}} ``` {{/if}} ``` -------------------------------- ### Run Software Composition Analysis (SCA) with npm, yarn, pip, composer Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt The `run-sca.sh` script audits dependencies for vulnerabilities using various package managers. It supports npm, yarn, pnpm, pip, and composer. The script takes the project path and package manager as arguments and outputs a JSON report detailing findings. ```bash # Audit npm dependencies ./scripts/run-sca.sh /path/to/project npm # Audit yarn dependencies ./scripts/run-sca.sh /path/to/project yarn # Audit Python dependencies ./scripts/run-sca.sh /path/to/project pip # Audit PHP dependencies ./scripts/run-sca.sh /path/to/project composer # Example output (npm): { "tool": "npm-audit", "package_manager": "npm", "findings": [ { "severity": "CRITICAL", "title": "Vulnerable dependency: fast-xml-parser", "description": "fast-xml-parser regex injection bypass", "package": "fast-xml-parser", "installed_version": "4.2.0", "vulnerable_range": "<4.4.1", "recommendation": "Update to fast-xml-parser@4.4.1", "cwe": null, "owasp": "A06:2021", "source_tool": "npm-audit", "file": "package.json", "line": null } ], "summary": { "total": 1 } } ``` -------------------------------- ### Generate Security Badge (Bash) Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt This Bash script demonstrates how to generate a dynamic security badge JSON file after a scan and how to embed it into a README.md file using shields.io. ```bash # Generate badge JSON after a scan ./scripts/generate-badge.sh /tmp/consolidated.json > shield-badge.json # shield-badge.json content: { "schemaVersion": 1, "label": "Shield Score", "message": "85/100", "color": "yellow" } # Add to README.md: ![Shield Score](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fraw.githubusercontent.com%2FYOUR_USER%2FYOUR_REPO%2Fmain%2Fshield-badge.json&query=%24.message&label=Shield%20Score&style=flat) ``` -------------------------------- ### Detect Project Stack Configuration Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/SKILL.md Executes the stack detection script to identify languages, frameworks, and package managers. Returns a JSON object containing project metadata used for configuring subsequent security scans. ```json { "languages": ["javascript", "typescript"], "frameworks": ["express", "react"], "package_manager": "npm", "has_dockerfile": true, "has_docker_compose": true, "entry_points": ["src/index.ts", "src/app.ts"] } ``` -------------------------------- ### Invoke Shield Claude Skill Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/docs/self-scan-report.md Commands to initialize and run the Shield plugin within the Claude Code environment. ```bash claude --plugin-dir /path/to/shield-claude-skill # Inside Claude Code: /shield:shield ``` -------------------------------- ### Check for Outdated Dependencies with npm, pip Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt The `run-outdated.sh` script identifies outdated dependencies in a project, classifying them by severity (MAJOR, MINOR, PATCH). It can optionally cross-reference with SCA findings to flag vulnerable packages. The script supports npm and pip, taking the project path and package manager as arguments. ```bash # Check outdated npm packages ./scripts/run-outdated.sh /path/to/project npm # Check with SCA cross-reference (marks vulnerable packages as SECURITY severity) ./scripts/run-outdated.sh /path/to/project npm --sca-file /tmp/sca-findings.json # Check Python packages ./scripts/run-outdated.sh /path/to/project pip # Example output: { "tool": "outdated-check", "package_manager": "npm", "outdated": [ { "package": "lodash", "current": "4.17.15", "wanted": "4.17.21", "latest": "4.17.21", "severity": "PATCH", "behind": "6 patch" }, { "package": "express", "current": "4.18.0", "wanted": "4.18.2", "latest": "5.0.0", "severity": "MAJOR", "behind": "1 major, 2 patch" } ], "summary": { "total": 2, "security": 0, "major": 1, "minor": 0, "patch": 1 } } ``` -------------------------------- ### Consolidate Security Tool Outputs Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt The `consolidate.sh` script merges findings from multiple security tools into a single, unified report. It handles deduplication, assigns SHIELD-XXX IDs, and sorts findings by severity. The script accepts the paths to the JSON output files of various tools as arguments. ```bash # Consolidate findings from multiple tools ./scripts/consolidate.sh \ /tmp/semgrep-output.json \ /tmp/gitleaks-output.json \ /tmp/npm-audit-output.json ``` -------------------------------- ### Execute Shield Security Scanners via Bash Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/docs/self-scan-report.md A sequence of shell commands to execute security analysis tools including SAST, secret detection, and score consolidation. These scripts process the project directory and output findings to temporary JSON files for final badge generation. ```bash SCRIPTS=scripts PROJECT=. bash $SCRIPTS/check-prereqs.sh bash $SCRIPTS/detect-stack.sh "$PROJECT" bash $SCRIPTS/run-sast.sh "$PROJECT" javascript > /tmp/sast.json 2>/dev/null bash $SCRIPTS/run-secrets.sh "$PROJECT" > /tmp/secrets.json 2>/dev/null bash $SCRIPTS/consolidate.sh /tmp/sast.json /tmp/secrets.json > /tmp/consolidated.json 2>/dev/null bash $SCRIPTS/calculate-score.sh /tmp/consolidated.json bash $SCRIPTS/generate-badge.sh /tmp/consolidated.json > shield-badge.json ``` -------------------------------- ### Add Security Badge to README Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/README.md Markdown syntax to display the Shield security score badge using shields.io dynamic JSON integration. ```markdown ![Shield Score](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fraw.githubusercontent.com%2FYOUR_USER%2FYOUR_REPO%2Fmain%2Fshield-badge.json&query=%24.message&label=Shield%20Score&style=flat) ``` -------------------------------- ### Scan Repository for Secrets Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt Uses Gitleaks to perform a deep scan of the repository history to detect hardcoded secrets and sensitive information. ```bash ./scripts/run-secrets.sh /path/to/project ``` -------------------------------- ### Execute Shield Security Scans Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt Commands to trigger various security scan modes including quick assessments, full penetration testing, auto-remediation, and verification. ```bash /shield:shield quick /shield:shield full /shield:shield URL=https://your-app.com /shield:shield fix /shield:shield verify /shield:shield score /shield:shield outdated ``` -------------------------------- ### Shield Security Report Template Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt This markdown template uses a Handlebars-style syntax to generate comprehensive security assessment reports. It includes placeholders for project details, scan information, a security scorecard with risk breakdown, and a section for listing detailed findings. This template allows for customizable and structured reporting of security scan results. ```markdown # Security Assessment Report — {{PROJECT_NAME}} **Date:** {{SCAN_DATE}} **Mode:** {{SCAN_MODE}} **Stack:** {{DETECTED_STACK}} **Tools Used:** {{TOOLS_USED}} --- ## Security Scorecard **Score: {{SCORE}}/100 — {{RISK_LEVEL}}** | Severity | Count | Points Deducted | |----------|-------|-----------------| | CRITICAL | {{CRITICAL_COUNT}} | -{{CRITICAL_DEDUCTION}} | | HIGH | {{HIGH_COUNT}} | -{{HIGH_DEDUCTION}} | | MEDIUM | {{MEDIUM_COUNT}} | -{{MEDIUM_DEDUCTION}} | | LOW | {{LOW_COUNT}} | -{{LOW_DEDUCTION}} | --- ## Findings {{#each FINDINGS}} ``` -------------------------------- ### OWASP Top 10 to Compliance Framework Mapping (JavaScript) Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt This JavaScript object maps OWASP Top 10 vulnerabilities to compliance frameworks like SOC 2, PCI-DSS, and CWE. It helps in understanding the compliance impact of identified security issues. ```javascript const complianceMapping = { "A01 Broken Access Control": { soc2: ["CC6.1", "CC6.3"], pciDss: ["6.5.8", "7.1"], cwe: [22, 284, 285, 639] }, "A02 Cryptographic Failures": { soc2: ["CC6.1", "CC6.7"], pciDss: ["3.4", "4.1", "6.5.3"], cwe: [259, 327, 328] }, "A03 Injection": { soc2: ["CC6.1"], pciDss: ["6.5.1"], cwe: [20, 74, 79, 89] }, "A06 Vulnerable Components": { soc2: ["CC6.1"], pciDss: ["6.3.2"], cwe: [1035] }, "A10 SSRF": { soc2: ["CC6.1"], pciDss: ["6.5.9"], cwe: [918] } }; ``` -------------------------------- ### Execute Security Assessment Commands Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/README.md Common commands used to interact with the Shield skill for security scanning, remediation, and reporting. ```bash /shield:shield full /shield:shield quick /shield:shield fix /shield:shield verify /shield:shield score /shield:shield outdated ``` -------------------------------- ### PHP Project Clean Scan Report Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/README.md This snippet represents a clean security scan report for a PHP project using Laravel and Composer. It indicates a perfect security score with no vulnerabilities found and all dependencies up to date. ```text Stack detected: PHP, Laravel, Composer, Docker Security Score: 100/100 — LOW RISK [##############################] 100/100 | Severity | Count | |----------|-------| | CRITICAL | 0 | | HIGH | 0 | | MEDIUM | 0 | | LOW | 0 | No vulnerabilities found across all scanners. All dependencies are up to date. ``` -------------------------------- ### Generate Security Score Badge Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/README.md Generates a JSON badge file from a consolidated scan report. This file can be committed to a repository to display a dynamic security score badge. ```bash bash /path/to/shield-claude-skill/scripts/generate-badge.sh /tmp/consolidated.json > shield-badge.json ``` -------------------------------- ### Execute Security Scanning Scripts Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/SKILL.md Individual shell scripts used to trigger specific security analysis tools including SAST, secrets detection, and package auditing. These scripts are invoked with project-specific parameters to perform targeted security checks. ```bash scripts/run-sast.sh scripts/run-secrets.sh scripts/run-sca.sh scripts/run-outdated.sh ``` -------------------------------- ### Consolidated Security Scan JSON Output Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/README.md This JSON output provides a detailed, consolidated view of security scan findings. It includes a list of identified vulnerabilities with their severity, source, location, and recommendations, along with metadata about the scan and a summary of findings by severity, tool, and CWE. ```json { "findings": [ { "id": "SHIELD-001", "severity": "CRITICAL", "title": "SQL Injection in UserRepository", "cwe": "CWE-89", "owasp": "A03:2021", "source_tool": "semgrep", "file": "src/repositories/user.ts", "line": 45, "evidence": "db.query(`SELECT * FROM users WHERE id = ${req.params.id}`)", "recommendation": "Use parameterized queries", "status": "new" } ], "metadata": { "scan_date": "2026-03-11", "scan_timestamp": "2026-03-11T14:30:00Z", "tools_used": ["semgrep", "gitleaks", "npm-audit"], "tools_skipped": ["shannon"], "total_files_scanned": 142 }, "summary": { "total": 29, "by_severity": { "critical": 1, "high": 20, "medium": 5, "low": 3 }, "by_tool": { "semgrep": 8, "gitleaks": 0, "npm-audit": 21 }, "by_cwe": { "CWE-89": 1, "CWE-1333": 5, "CWE-22": 3 } } } ``` -------------------------------- ### Vulnerability Remediation Diff Template Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/templates/issue.md A template block for displaying suggested code changes to mitigate security findings. It utilizes diff syntax to highlight additions and removals required to patch the vulnerability. ```diff ### Proposed Fix ```diff {{FIX_DIFF}} ``` ``` -------------------------------- ### Calculate Security Score from JSON Source: https://context7.com/alissonlinneker/shield-claude-skill/llms.txt This bash script computes a weighted security risk score (0-100) from a consolidated JSON file of security findings. It can accept the JSON data either as a file path or piped from standard input. The output includes the calculated score, risk level, and a breakdown of findings by severity. ```bash # Calculate score from consolidated JSON file ./scripts/calculate-score.sh /tmp/consolidated.json # Or pipe from stdin cat /tmp/consolidated.json | ./scripts/calculate-score.sh ``` -------------------------------- ### Consolidated Security Findings Schema Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/SKILL.md The normalized JSON structure produced by the consolidation script. It aggregates findings from multiple security tools into a single report, including metadata and specific vulnerability details. ```json { "findings": [ { "id": "SHIELD-001", "severity": "CRITICAL", "title": "SQL Injection in UserRepository", "cwe": "CWE-89", "owasp": "A03:2021", "source_tool": "shannon", "file": "src/repositories/user.ts", "line": 45, "evidence": "...", "poc": "curl -X POST ...", "status": "exploited" } ], "metadata": { "scan_date": "2026-03-11", "mode": "full", "tools_used": ["shannon", "semgrep", "gitleaks", "npm-audit"], "tools_skipped": [] } } ``` -------------------------------- ### Security Scorecard Breakdown JSON Source: https://github.com/alissonlinneker/shield-claude-skill/blob/main/README.md This JSON object details the breakdown of a security scorecard. It includes the overall score, maximum possible score, risk level, and a granular breakdown of findings by severity, including their count, weight, and deduction from the total score. ```json { "score": 45, "max_score": 100, "risk_level": "HIGH", "breakdown": { "critical": { "count": 1, "weight": 15, "deduction": 15 }, "high": { "count": 3, "weight": 8, "deduction": 24 }, "medium": { "count": 4, "weight": 3, "deduction": 12 }, "low": { "count": 4, "weight": 1, "deduction": 4 } }, "total_deduction": 55, "total_findings": 12 } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.