### SecureCoder Update Available Example Source: https://github.com/nerdy-krishna/securecoder/blob/main/skills/security/securecoder-update/SKILL.md Example output when an update is available, showing installed and latest versions, release date, and notes. Includes the command to upgrade. ```text Update available. Installed: v1.0.0 Latest: v1.1.0 (v1.1.0 — False-positive suppression) Released: 2026-05-14T15:30:00Z (1 days ago) Notes: https://github.com/nerdy-krishna/securecoder/releases/tag/v1.1.0 To upgrade: npx skills@latest add nerdy-krishna/securecoder Your team-shared config (.securecoder/config.json), suppressions (.securecoder/suppressions.json), and scan history (.securecoder/runs/) are preserved across upgrades. ``` -------------------------------- ### Example SecureCoder Config JSON Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/per-skill/securecoder-setup.md This is an example of the `.securecoder/config.json` file generated by the setup wizard. It includes schema version, frameworks, and various configuration settings. ```json { "schema_version": "1.1", "frameworks": ["asvs-v5"], "baseline_enabled": true, "framework_fit": { "poor_fit_threshold_pct": 15 }, "severity_floor": "low", "default_fix_scope": ["critical", "high"], "git": { "push_strategy": "commit-local-push-at-end" }, "languages": ["python", "typescript"], "rule_pins": {}, "tools": {}, "custom_sources": [] } ``` -------------------------------- ### Follow-up Commands After Setup Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/per-skill/securecoder-setup.md After configuring SecureCoder, you can run these commands to audit existing code or start a new project in supervision mode. ```bash /securecoder-scan # to audit existing code ``` ```bash /securecoder-build # if starting fresh — activates supervision mode ``` -------------------------------- ### SecureCoder Basic Workflow Commands Source: https://github.com/nerdy-krishna/securecoder/blob/main/README.md Execute these commands from any project after installation to configure, audit, or fix code using SecureCoder. The setup is a one-time configuration for the team. ```bash /securecoder-setup # one-time team config (3 minutes) ``` ```bash /securecoder-scan # audit your code ``` ```bash /securecoder-fix # remediate findings ``` -------------------------------- ### SecureCoder Update Available Output Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/per-skill/securecoder-update.md Example output when an update is available, showing installed vs. latest versions, release date, and the command to upgrade. Exit code 1 indicates an update is ready. ```text Update available. Installed: v1.1.0 Latest: v1.2.0 (v1.2.0 - /securecoder-update + annotations + smart-collapse + sample review) Released: 2026-05-15T08:00:00Z (1 days ago) Notes: https://github.com/nerdy-krishna/securecoder/releases/tag/v1.2.0 To upgrade: npx skills@latest add nerdy-krishna/securecoder Your team-shared config (.securecoder/config.json), suppressions (.securecoder/suppressions.json), and scan history (.securecoder/runs/) are preserved across upgrades. ``` -------------------------------- ### Install OSV-Scanner Security Tool Source: https://github.com/nerdy-krishna/securecoder/blob/main/skills/security/securecoder-scan/SKILL.md Installs a specific version of OSV-scanner. It checks for existing installations and verifies the version. Downloads the binary directly based on OS and architecture, makes it executable, and records installation details in installed.json. ```bash OSV_VERSION="1.9.2" TOOL_DIR="$HOME/.cache/securecoder/tools/osv-scanner" INSTALLED="$TOOL_DIR/installed.json" OSV_BIN="$TOOL_DIR/osv-scanner" if [ ! -x "$OSV_BIN" ] || ! grep -q "\"version\": \"$OSV_VERSION\"" "$INSTALLED" 2>/dev/null; then mkdir -p "$TOOL_DIR" EXT="" [ "$OS" = "windows" ] && EXT=".exe" ASSET="osv-scanner_${OSV_VERSION}_${OS}_${ARCH}${EXT}" URL="https://github.com/google/osv-scanner/releases/download/v${OSV_VERSION}/${ASSET}" curl -fsSL "$URL" -o "$OSV_BIN" chmod +x "$OSV_BIN" 2>/dev/null || true cat > "$INSTALLED" </report.html ``` -------------------------------- ### SecureCoder Advise Example Response Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/per-skill/securecoder-advise.md This example shows the typical response format for a query like 'Explain ASVS V1.2.1'. It includes loaded context, a verbatim quote from the framework, a plain-language interpretation, finding references if applicable, and related controls. ```text Loaded: ASVS v5.0.0 (cached at ~/.cache/securecoder/rules/frameworks/asvs/abc123/); 47 findings from run 20260514T140000Z; severity floor "low". > **ASVS v5.0.0 V1.2.1** — Verify that the application uses parameterized queries, > ORM, or stored procedures for all SQL operations and prevents dynamic queries > with untrusted input. In plain language: never concatenate user input into SQL strings. Use the database client's parameter binding (`?`-style or named) so the input is treated as data, not query syntax. In your codebase, finding `5823722d` (src/api/users.py:142) is exactly this — `cursor.execute('SELECT … WHERE id = ' + user_id)` builds the query from a string concatenation. Related: V1.2.2 (ORM-side), V1.2.5 (LDAP / XPath / NoSQL injections), and the OWASP SQL Injection Prevention Cheat Sheet at ~/.cache/securecoder/rules/frameworks/cheatsheets//cheatsheets/ SQL_Injection_Prevention_Cheat_Sheet.md. Framework references are loaded in this conversation. Ask follow-ups freely. ``` -------------------------------- ### Setup and Scan for Compliance Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/scenarios.md Initiate a compliance scan by first setting up the desired frameworks and then running the scan in LLM compliance mode. ```bash /securecoder-setup ``` ```bash /securecoder-scan (mode: LLM compliance only) ``` -------------------------------- ### Install SecureCoder Skills Source: https://github.com/nerdy-krishna/securecoder/blob/main/skills/security/securecoder-secure/SKILL.md Install the securecoder-scan and securecoder-fix skills using npx. This is a prerequisite for running the securecoder-secure pipeline. ```bash # Conventional install paths under the host agent's skills dir. # The exact root varies by host (~/.claude/skills, etc.) — the host agent # resolves the path via its own skill registry. ``` -------------------------------- ### SecureCoder Up-to-Date Output Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/per-skill/securecoder-update.md Example output when the installed SecureCoder version is current. Exit code 0 indicates no update is needed. ```text You're up to date. Installed: v1.2.0 Latest: v1.2.0 (v1.2.0 - /securecoder-update + annotations + smart-collapse + sample review) ``` -------------------------------- ### SecureCoder Cost Estimation Example Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/design.md This example shows the output format for estimating the cost and time for a SecureCoder run, including SAST, compliance, and fix phases, along with approximate costs for different LLM models. ```text /securecoder-secure estimate for this repo: Files in scope: 142 SAST phase: ~30s wall time, $0 LLM cost Compliance phase: ~890 LLM calls, ~3.2M input tokens, ~960K output tokens Fix phase (est.): ~50 fix calls, ~150K input tokens, ~50K output tokens Approximate cost at common rates: Claude Opus 4.7: $60.30 Claude Sonnet 4.6: $12.10 Claude Haiku 4.5: $ 3.40 GPT-5 (typical): $20.50 Gemini 2.5 Pro: $14.80 Wall time estimate (sequential, no subagent parallelism): ~25-40 min ``` -------------------------------- ### Inspect SecureCoder Configuration Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/per-skill/securecoder-setup.md Use this command to view the generated `.securecoder/config.json` file after running the setup wizard. ```bash cat .securecoder/config.json ``` -------------------------------- ### Framework Fit Warning Example Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/scenarios.md This example shows a typical framework fit warning encountered when scanning a repository that does not align with the targeted web languages of an overlay. It suggests proceeding with the baseline scan. ```text Framework fit warning asvs-v5 (overlay) fit 0% — repo is 100% C; ASVS targets web languages. Most controls will return N/A. Suggested: secure-coding-essentials (baseline, already running). No overlay fits this repo well. How do you want to proceed? [recommended] skip asvs-v5 this run — baseline only [as-configured] run asvs-v5 anyway (expect mostly N/A rows) [abort] ``` -------------------------------- ### Install Pre-commit Hook Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/per-skill/securecoder-review.md Instructions for installing the SecureCoder pre-commit hook. This hook runs SAST-only and exits non-zero to block commits with findings above the configured severity floor. ```text /securecoder-review # At the scope picker, choose "Install pre-commit hook" ``` -------------------------------- ### Install Gitleaks Security Scanner Source: https://github.com/nerdy-krishna/securecoder/blob/main/skills/security/securecoder-scan/SKILL.md Installs a specific version of Gitleaks. Checks if already installed and verifies the version. Downloads the appropriate asset based on OS and architecture, extracts it, and makes it executable. Updates an installed.json file with version information. ```bash GITLEAKS_VERSION="8.18.4" TOOL_DIR="$HOME/.cache/securecoder/tools/gitleaks" INSTALLED="$TOOL_DIR/installed.json" GITLEAKS_BIN="$TOOL_DIR/gitleaks" if [ ! -x "$GITLEAKS_BIN" ] || ! grep -q "\"version\": \"$GITLEAKS_VERSION\"" "$INSTALLED" 2>/dev/null; then mkdir -p "$TOOL_DIR" case "$ARCH" in amd64) GLA="x64" ;; *) GLA="$ARCH" ;; esac case "$OS" in darwin|linux) EXT="tar.gz" ;; windows) EXT="zip" ;; esac ASSET="gitleaks_${GITLEAKS_VERSION}_${OS}_${GLA}.${EXT}" URL="https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/${ASSET}" curl -fsSL "$URL" -o "$TOOL_DIR/_pkg.${EXT}" case "$EXT" in tar.gz) tar -xzf "$TOOL_DIR/_pkg.tar.gz" -C "$TOOL_DIR" gitleaks ;; zip) (cd "$TOOL_DIR" && unzip -o _pkg.zip gitleaks.exe && mv gitleaks.exe gitleaks) ;; esac rm -f "$TOOL_DIR/_pkg.${EXT}" chmod +x "$GITLEAKS_BIN" 2>/dev/null || true cat > "$INSTALLED" < "$HOME/.cache/securecoder/manifest.json" </dev/null; then mkdir -p "$TOOL_DIR" python3 -m venv "$TOOL_DIR/venv" "$TOOL_DIR/venv/bin/pip" install --quiet --upgrade pip "$TOOL_DIR/venv/bin/pip" install --quiet "semgrep==$SEMGREP_VERSION" cat > "$INSTALLED" < Config file: /.securecoder/config.json Frameworks: Severity floor: Default fix scope: Push strategy: Scan-output ignore: (applied to the root .gitignore on next scan) Languages: Next steps: - /securecoder-scan audit existing code - /securecoder-secure full scan + fix pipeline (one approval) - /securecoder-build persistent secure-build mode for active development - /securecoder-advise ask grounded questions about the active frameworks ``` -------------------------------- ### Install SecureCoder pre-commit hook Source: https://github.com/nerdy-krishna/securecoder/blob/main/skills/security/securecoder-review/SKILL.md This script installs the SecureCoder pre-commit hook into a Git repository. It handles existing hooks by backing them up before appending the new hook. This ensures that security checks are performed automatically before each commit. ```bash HOOK_PATH="$PROJECT_ROOT/.git/hooks/pre-commit" [ -d "$PROJECT_ROOT/.git" ] || fail "Not a git repo — can't install a hook." if [ -f "$HOOK_PATH" ]; then # Existing hook — back it up and append rather than overwrite cp "$HOOK_PATH" "$HOOK_PATH.before-securecoder-$(date -u +%Y%m%dT%H%M%SZ)" fi cat > "$HOOK_PATH" <", "tools": { "semgrep": "1.50.0", "bandit": "1.7.7", "gitleaks": "8.18.0", "osv-scanner": "1.7.0" }, "rule_packs": { "semgrep/p-owasp-top-ten": "", "semgrep/p-python": "" }, "frameworks": { "asvs-v5": "v5.0.0" }, "phases": { "sast": { "duration_s": 28, "findings": 14, "input_tokens": 0, "output_tokens": 0 }, "compliance": { "duration_s": 1860, "findings": 47, "input_tokens": 3200000, "output_tokens": 960000 } }, "totals": { "findings": 61, "duration_s": 1888 } } ``` -------------------------------- ### SecureCoder Commands Source: https://github.com/nerdy-krishna/securecoder/blob/main/CHANGELOG.md These commands initiate various SecureCoder functionalities, from setup to advanced auditing and remediation. ```bash /securecoder-setup ``` ```bash /securecoder-scan ``` ```bash /securecoder-fix ``` ```bash /securecoder-secure ``` ```bash /securecoder-review ``` ```bash /securecoder-build ``` ```bash /securecoder-advise ``` -------------------------------- ### Running Multiple SecureCoder Skills in One Session Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/scenarios.md This example demonstrates how to run multiple SecureCoder skills sequentially in a single session, leveraging their file-based communication for a mixed workflow. Skills like scan, advise, fix, review, and build can be composed freely. ```bash /securecoder-scan # full scan /securecoder-advise # mode: deep-dive on a specific finding /securecoder-fix # apply fixes for critical+high /securecoder-review # check what changed before committing /securecoder-build # activate supervision for the next feature ``` -------------------------------- ### Example SecureCoder Scan Invocations (Future) Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/per-skill/securecoder-scan.md Illustrates potential future command-line argument formats for /securecoder-scan, including forcing specific modes or restricting compliance chapters. Note: Current implementation always prompts. ```bash # Default — interactive mode picker /securecoder-scan # (Future) Force SAST only without the mode picker /securecoder-scan sast # (Future) Force compliance only /securecoder-scan compliance # (Future) Restrict to specific ASVS chapters /securecoder-scan compliance --chapters V1,V11 ``` -------------------------------- ### Invoke SecureCoder Advise with a Question Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/per-skill/securecoder-advise.md Use the `/securecoder-advise` command followed by your security question in quotes to get a grounded answer. This is useful for understanding findings, weighing design choices, learning OWASP, or finding verbatim control text. ```text # Question as argument /securecoder-advise "How do I prevent SSRF in this codebase?" /securecoder-advise "Explain ASVS V1.2.1" /securecoder-advise "What's the difference between A03 Injection and A07 Auth?" /securecoder-advise "Search the ASVS for SSRF" ``` -------------------------------- ### Advise on a Specific Finding Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/scenarios.md Use this command to get a deep dive into a specific security finding. It provides context, explanations, and potential fixes. ```bash /securecoder-advise ``` -------------------------------- ### Install Bandit Tool Source: https://github.com/nerdy-krishna/securecoder/blob/main/skills/security/securecoder-scan/SKILL.md Installs or upgrades Bandit to a specific pinned version using a virtual environment. It checks if the tool is already installed and matches the required version. ```bash BANDIT_VERSION="1.7.10" TOOL_DIR="$HOME/.cache/securecoder/tools/bandit" INSTALLED="$TOOL_DIR/installed.json" BANDIT_BIN="$TOOL_DIR/venv/bin/bandit" if [ ! -x "$BANDIT_BIN" ] || ! grep -q "\"version\": \"$BANDIT_VERSION\"" "$INSTALLED" 2>/dev/null; then mkdir -p "$TOOL_DIR" python3 -m venv "$TOOL_DIR/venv" "$TOOL_DIR/venv/bin/pip" install --quiet --upgrade pip "$TOOL_DIR/venv/bin/pip" install --quiet "bandit==$BANDIT_VERSION" cat > "$INSTALLED" </scripts/check_version.py" --json ``` -------------------------------- ### Check for SecureCoder updates Source: https://github.com/nerdy-krishna/securecoder/blob/main/README.md Check whether your installed SecureCoder is current. This command reports the latest release and provides the install command if an upgrade is available. It is read-only and never modifies anything. ```bash # Check whether you're on the latest securecoder release (v1.2.0) /securecoder-update ``` -------------------------------- ### Install Pre-commit Hook Source: https://github.com/nerdy-krishna/securecoder/blob/main/skills/security/securecoder-review/SKILL.md Installs the SecureCoder pre-commit hook. This hook runs SAST tools on staged files and blocks commits if findings exceed a severity floor. It can be bypassed with 'git commit --no-verify'. ```bash exec python3 "" "$@" EOF chmod +x "$HOOK_PATH" echo "Installed pre-commit hook at $HOOK_PATH." echo "It runs SAST tools only (no LLM) on staged files and blocks the commit" echo "when findings above '$severity_floor' are present. Bypass once with" echo " git commit --no-verify" echo "Run /securecoder-review interactively for compliance review before pushing." ``` -------------------------------- ### Invoke SecureCoder Advise in Interactive Mode Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/per-skill/securecoder-advise.md Running `/securecoder-advise` without arguments launches an interactive mode picker, allowing you to choose the type of security query you want to perform, such as General Q&A, Findings-grounded Q&A, Specific finding deep-dive, or Framework lookup. ```text # No argument — interactive mode picker /securecoder-advise ``` -------------------------------- ### SAST Finding Example (JSONL) Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/design.md This is an example of a Security Automated Static Analysis (SAST) finding in JSONL format. It includes details like file path, lines affected, rule ID, severity, confidence, and remediation hints. ```json { "id": "sha256-hex-of-canonical-key", "file": "src/api/auth.py", "lines": { "start": 42, "end": 47 }, "source": "semgrep", "source_rule_id": "python.django.security.injection.sql-injection", "category": "sast", "cwe": ["CWE-89"], "framework_refs": [ { "framework": "asvs-v5", "control": "V1.2.1" }, { "framework": "owasp-top-10-2021", "category": "A03" } ], "severity": "high", "confidence": "high", "title": "Raw SQL query allows injection", "description": "User input concatenated into a raw SQL query without parameterization.", "evidence": "cursor.execute('SELECT * FROM users WHERE id = ' + request.GET['id'])", "remediation_hint": "Use parameterized queries.", "fix_complexity": "low", "tags": ["sql-injection", "django"], "detected_at": "2026-05-13T14:00:00Z", "status": "open", "history": [] } ``` -------------------------------- ### Secure Build Mode Controls Applied Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/getting-started.md Shows the ASVS controls relevant to the current development task, their status (SATISFIED, UNKNOWN, etc.), and recommended next steps. ```text ─── Secure Build Mode — Controls applied - V6.2.1 bcrypt for password hashing SATISFIED - V7.2.1 Set-Cookie Secure flag SATISFIED - V1.2.1 Parameterized SQL queries SATISFIED - V4.2.1 CSRF protection on POST UNKNOWN — Express defaults? ``` -------------------------------- ### Example Compliance Posture Report Section Source: https://github.com/nerdy-krishna/securecoder/blob/main/docs/guides/scenarios.md This snippet shows the structure of the compliance posture section in the generated HTML report. ```text ASVS v5.0.0: Controls evaluated: 142 Controls passing: 119 Controls with findings: 23 Posture score: 0.838 ``` -------------------------------- ### SecureCoder Command-Line Scenarios Source: https://github.com/nerdy-krishna/securecoder/blob/main/README.md Illustrates various command-line invocations for different development and auditing tasks. Use these commands to integrate SecureCoder into your workflow. ```bash /securecoder-setup /securecoder-secure review the report.html ``` ```bash /securecoder-setup /securecoder-build (then code with the agent) /securecoder-review before each commit ``` ```bash /securecoder-review (scope: branch vs base) /securecoder-fix if findings ``` ```bash /securecoder-advise "" ``` ```bash /securecoder-scan (mode: LLM compliance only) share the report.html and the compliance-posture section ``` ```bash /securecoder-scan at the fit warning pick "recommended" — the secure-coding-essentials baseline audits it; ASVS is skipped ``` ```bash /securecoder-advise (mode: specific finding deep-dive) ``` ```bash /securecoder-fix --restore ``` -------------------------------- ### SecureCoder Configuration Changes Summary Source: https://github.com/nerdy-krishna/securecoder/blob/main/skills/security/securecoder-setup/SKILL.md This snippet shows the format for reporting changes from a previous configuration when SecureCoder setup is re-run and values are modified. ```text Changes from previous config: - frameworks: ["asvs-v5"] -> ["asvs-v5", "masvs"] - severity_floor: "low" -> "medium" ``` -------------------------------- ### Activate Secure Build Mode Source: https://github.com/nerdy-krishna/securecoder/blob/main/skills/security/securecoder-build/SKILL.md Emit this block verbatim to activate Secure Build Mode. The `{{framework_list}}` variable will be substituted from configuration. This mode supervises all subsequent code-producing tasks against active compliance frameworks. ```text ═══════════════════════════════════════════════════════════════════════════ SECURE BUILD MODE — ACTIVATED For the remainder of this session, you (the host agent) will supervise every code-producing task against the active compliance frameworks. The user signals end-of-mode with "end secure build mode" or "/securecoder-build --end". This block falling out of context also ends the mode. ACTIVE FRAMEWORKS {{framework_list}} FRAMEWORK MARKDOWN — read on demand when controls apply ASVS v5: ~/.cache/securecoder/rules/frameworks/asvs//5.0/en/ (chapters 0x10-V1 through 0x26-V17) PROTOCOL — APPLIES TO EVERY CODE-PRODUCING TASK FROM NOW ON 1. PRE-TASK PLANNING Before writing any code, identify which framework chapters apply to what the user asked for. State the applicable controls at the top of your response — verbatim control IDs (e.g. "ASVS V1.2.1, V6.2.1"). If unclear, read the relevant chapter from the framework markdown path above; do NOT improvise control names from memory. 2. CODE PRODUCTION Plan with the listed controls in mind. Prefer constructions that satisfy them inherently (parameterized queries, secrets via env vars, output encoding at the boundary). Cite the control you're satisfying when the choice is non-obvious. 3. POST-TASK SELF-CHECK After producing code, review your own output against each applicable control. For each, classify it explicitly: - SATISFIED: The code unambiguously satisfies this control. - PARTIAL: Satisfied for the change you made; broader scope remains to be addressed elsewhere. - UNKNOWN: Insufficient context to determine; surface this as a question to the user. - N/A: Control doesn't apply to this code path. Iterate on the code until every applicable control is SATISFIED or N/A. Findings classified as UNKNOWN or PARTIAL must be surfaced to the user as explicit risks rather than silently declared done. 4. ESCALATION If a control conflicts with what the user explicitly asked for (e.g., they want a debug endpoint that exposes internal state), do not silently override either side. State the conflict and let the user choose: - "Control V.. says . You asked for . These conflict. Should I prioritize the control or the requirement?" 5. ADJUNCT After substantive changes, recommend the user run /securecoder-review to verify the change with real SAST + LLM compliance against the diff. Your self-check catches design issues; /securecoder-review catches concrete bugs your self-check missed. REPORTING TEMPLATE — append this to every code-producing response: ─── Secure Build Mode — Controls applied - V.. SATISFIED - V.. N/A — - V.. UNKNOWN — Recommended next step: /securecoder-review DO NOT DEACTIVATE THIS MODE except on explicit user request. Keep applying the protocol on every subsequent task until told otherwise. ═══════════════════════════════════════════════════════════════════════════ ``` -------------------------------- ### Detect OS and Architecture Source: https://github.com/nerdy-krishna/securecoder/blob/main/skills/security/securecoder-scan/SKILL.md Detects the host operating system and architecture. This information is used for downloading binary tools. ```bash OS="$(uname -s | tr '[:upper:]' '[:lower:]')" # darwin | linux ARCH_RAW="$(uname -m)" case "$ARCH_RAW" in x86_64|amd64) ARCH=amd64 ;; arm64|aarch64) ARCH=arm64 ;; *) ARCH="$ARCH_RAW" ;; esac ``` -------------------------------- ### Ask security questions with SecureCoder Source: https://github.com/nerdy-krishna/securecoder/blob/main/README.md Engage in Q&A grounded in cached framework markdown with verbatim citations. Use when you don't understand a finding, need to look up a control, or are weighing design choices. ```bash # Ask a security question /securecoder-advise "How do I prevent SSRF in this codebase?" ``` ```bash # Look up a specific ASVS control /securecoder-advise "Explain ASVS V1.2.1" ``` ```bash # Deep-dive on a specific finding from your last scan /securecoder-advise # At the mode prompt: "Specific finding deep-dive" # Then provide the finding ID prefix ``` -------------------------------- ### SecureCoder Gitignore Strategy Configuration Source: https://github.com/nerdy-krishna/securecoder/blob/main/README.md Example of configuring the gitignore strategy within SecureCoder's config.json. This allows opting out of automatic .gitignore management. ```json { "git": { "gitignore_strategy": "none" } } ```