Total 30,670 skills, Security & Compliance has 1088 skills
Showing 12 of 1088 skills
Run SpotBugs with Find Security Bugs plugin on Java code. Detects injection flaws, XXE, insecure crypto, SSRF, deserialization, and other JVM security bugs.
Run Semgrep SAST scans on code. Supports 30+ languages with OWASP, security, and custom rulesets. Parses results and provides remediation guidance.
Run MobSF (Mobile Security Framework) for automated static and dynamic analysis of Android and iOS apps. Detects insecure storage, weak crypto, hardcoded secrets, and permission issues.
Run Psalm with taint analysis on PHP code. Detects SQL injection, XSS, command injection, path traversal, and other taint-flow vulnerabilities in PHP applications.
Run ScanCode Toolkit for comprehensive license and copyright detection. Identifies license types, copyright holders, and compliance obligations across codebases.
Run pip-audit for Python dependency vulnerability scanning. Checks installed packages and requirements files against the OSV and PyPI advisory databases.
Run Trivy to scan container images for OS and library vulnerabilities, misconfigurations, and secrets. Comprehensive multi-target security scanner.
Run Confused and GuardDog to detect dependency confusion and typosquatting risks. Checks if internal package names exist on public registries and identifies malicious packages.
Run OWASP ZAP for Dynamic Application Security Testing. Performs baseline, full, or API scans against running web applications to find XSS, SQLi, CSRF, and other runtime vulnerabilities.
Run Prowler for comprehensive cloud security posture assessment. Audits AWS, Azure, and GCP against CIS Benchmarks, PCI-DSS, HIPAA, GDPR, and other compliance frameworks.
Run cargo-audit and cargo-geiger on Rust code. Audits dependencies for known vulnerabilities and detects unsafe code usage for memory safety review.
Run Syft to generate Software Bill of Materials (SBOM) from container images and filesystems. Outputs CycloneDX or SPDX formats for supply chain compliance.