### Custom Security Category Examples: GraphQL Security

Source: https://github.com/anthropics/claude-code-security-review/blob/main/docs/custom-security-scan-instructions.md

Example of custom security categories focused on GraphQL, detailing checks for query depth attacks, field-level authorization bypass, and introspection data leakage.

```text
**GraphQL Security:**
- Query depth attacks allowing unbounded recursion
- Field-level authorization bypass
- Introspection data leakage in production
```

--------------------------------

### Custom Security Category Examples: Payment Processing

Source: https://github.com/anthropics/claude-code-security-review/blob/main/docs/custom-security-scan-instructions.md

Example of custom security categories for payment processing, focusing on vulnerabilities like transaction replay, currency manipulation, and refund process bypass.

```text
**Payment Processing:**
- Transaction replay vulnerabilities
- Currency conversion manipulation
- Refund process bypass
```

--------------------------------

### Custom Security Category Examples: GDPR Compliance

Source: https://github.com/anthropics/claude-code-security-review/blob/main/docs/custom-security-scan-instructions.md

Example of custom security categories tailored for GDPR compliance, including checks for personal data processing, data retention limits, and data portability.

```text
**GDPR Compliance:**
- Personal data processing without consent mechanisms
- Missing data retention limits
- Lack of data portability APIs
```

--------------------------------

### Python Script for Security Audit Prompt Templates

Source: https://github.com/anthropics/claude-code-security-review/blob/main/README.md

The `prompts.py` script contains the templates for constructing security audit prompts that are sent to the Claude API. These prompts are carefully designed to guide Claude in identifying specific types of security vulnerabilities.

```python
# Security audit prompt templates
```

--------------------------------

### Python Dependencies File

Source: https://github.com/anthropics/claude-code-security-review/blob/main/README.md

The `requirements.txt` file lists all the Python dependencies required for the project. This ensures that the environment is set up correctly with all necessary libraries for the action to function.

```text
# Python dependencies
```

--------------------------------

### Workflow for Custom Security Scan Instructions

Source: https://github.com/anthropics/claude-code-security-review/blob/main/docs/custom-security-scan-instructions.md

This snippet shows how to configure the Claude Code Security Reviewer Action in a workflow to include custom security scan instructions from a specified file.

```yaml
- uses: anthropics/claude-code-security-review@main
  with:
    custom-security-scan-instructions: .github/custom-security-categories.txt
```

--------------------------------

### Run Project Tests with Pytest

Source: https://github.com/anthropics/claude-code-security-review/blob/main/README.md

This command navigates to the project directory and executes all tests using the pytest framework. It's a standard way to validate the functionality of the codebase during development or after changes.

```bash
cd claude-code-security-review

# Run all tests
pytest claudecode -v
```

--------------------------------

### Use Custom False Positive Filtering Instructions in Workflow

Source: https://github.com/anthropics/claude-code-security-review/blob/main/docs/custom-filtering-instructions.md

This snippet demonstrates how to integrate custom false positive filtering instructions into your GitHub Actions workflow by referencing a local file. Ensure the specified file path correctly points to your filtering instructions.

```yaml
- uses: anthropics/claude-code-security-review@main
  with:
    false-positive-filtering-instructions: .github/false-positive-filtering.txt
```

--------------------------------

### Python Test Suites

Source: https://github.com/anthropics/claude-code-security-review/blob/main/README.md

The `test_*.py` files contain the unit and integration tests for the project. These tests are crucial for verifying the functionality and reliability of the security review action and its various components.

```python
# Test suites
```

--------------------------------

### Run SAST Evaluation on a GitHub PR

Source: https://github.com/anthropics/claude-code-security-review/blob/main/claudecode/evals/README.md

Executes the SAST evaluation tool for a specified GitHub pull request. Requires Python and the Claude Code Security library. Takes a PR specification as input and supports verbose logging.

```bash
python -m claudecode.evals.run_eval example/repo#123 --verbose
```

--------------------------------

### Evaluation Tooling for Testing CC

Source: https://github.com/anthropics/claude-code-security-review/blob/main/README.md

The `evals/` directory contains tooling used for evaluating Claude Code (CC) on arbitrary pull requests. This allows developers to test the effectiveness of the security analysis on different codebases and scenarios.

```python
# Eval tooling to test CC on arbitrary PRs
```

--------------------------------

### GitHub Actions Workflow for Security Review

Source: https://github.com/anthropics/claude-code-security-review/blob/main/README.md

This YAML configuration sets up a GitHub Actions workflow to automatically trigger a security review for pull requests. It checks out the code, uses the `anthropics/claude-code-security-review` action, and requires the `CLAUDE_API_KEY` secret for authentication. The action is configured to leave comments on pull requests.

```yaml
name: Security Review

permissions:
  pull-requests: write  # Needed for leaving PR comments
  contents: read

on:
  pull_request:

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha || github.sha }}
          fetch-depth: 2

      - uses: anthropics/claude-code-security-review@main
        with:
          comment-pr: true
          claude-api-key: ${{ secrets.CLAUDE_API_KEY }}
```

--------------------------------

### Python Script for Claude API Client

Source: https://github.com/anthropics/claude-code-security-review/blob/main/README.md

The `claude_api_client.py` script handles the interaction with the Anthropic Claude API. It is responsible for sending code analysis requests and receiving responses. This module is crucial for leveraging Claude's capabilities for security vulnerability detection.

```python
# Claude API client for false positive filtering
```

--------------------------------

### Python Script for JSON Parsing Utilities

Source: https://github.com/anthropics/claude-code-security-review/blob/main/README.md

The `json_parser.py` script provides utilities for robust JSON parsing. This is essential for handling the structured data returned by the Claude API and for generating output files, ensuring data integrity and proper formatting.

```python
# Robust JSON parsing utilities
```

--------------------------------

### Python Script for False Positive Filtering Logic

Source: https://github.com/anthropics/claude-code-security-review/blob/main/README.md

The `findings_filter.py` script implements the logic for filtering out false positives from the security findings. This module helps to reduce noise and improve the accuracy of the security review by focusing on significant vulnerabilities.

```python
# False positive filtering logic
```

--------------------------------

### Python Script for GitHub Action Auditing

Source: https://github.com/anthropics/claude-code-security-review/blob/main/README.md

The `github_action_audit.py` script is the main component for conducting security audits within GitHub Actions. It orchestrates the process of analyzing code changes using Claude, generating findings, and potentially filtering false positives. This script relies on other modules within the project for API interaction, prompt management, and JSON parsing.

```python
# Main audit script for GitHub Actions
```