skills/aws-samples/sample-agent-skills-for-builders/security-scan

security-scan

Installation

SKILL.md

Security Scan

Comprehensive AWS CDK project security and compliance scanning with multi-tool analysis.

When to Apply

Reference this skill when:

Running security audits on CDK projects
Checking license compliance
Scanning container images for vulnerabilities
Running aggregated SAST/IaC/secret analysis (via ASH)
Generating security reports for review

How It Works

IMPORTANT: All 9 steps are mandatory. Do not skip steps regardless of time constraints.

Architecture Diagram - Capture system architecture
CDK Synthesis - Generate CloudFormation templates
Viperlight Scan - Code security analysis
License Check - Dependency license compliance
Trivy Scan - Container vulnerability scanning
ASH Scan - Automated Security Helper (aggregated SAST/IaC/secret scanners)
Deployment Verification - Validate deployment readiness
Summary Report - Generate findings summary
HTML Report - Create visual report

Prerequisites

AWS CDK project
Viperlight CLI installed
Trivy CLI installed
ASH (Automated Security Helper) - installed via uvx from https://github.com/awslabs/automated-security-helper
Docker (required for ASH container mode)

Usage

# Run security scan
"Run security scan on my CDK project"
"Check this project for vulnerabilities"
"Generate security compliance report"

Output

Results saved to security-scan-results/{TIMESTAMP}/:

Raw scan outputs per tool
clean-results/ - Parsed findings
security-report.html - Visual report

Enforcement Rules

Execute ALL scan commands (no skipping)
Fix issues found (don't just comment them)
Non-interactive execution only
Continue pipeline on individual step failures

References

Weekly Installs

4

Repository

aws-samples/sam…builders

GitHub Stars

8

First Seen

4 days ago

Security Audits

Gen Agent Trust HubPass