# Vulnerability Management Skill

## Purpose
Defines vulnerability management processes for identifying, assessing, prioritizing, and remediating security vulnerabilities.
## Vulnerability Sources
- Dependabot — Dependency vulnerability alerts
- CodeQL — Static analysis security findings
- Secret Scanning — Exposed credentials detection
- npm audit — Node.js dependency vulnerabilities
- Manual Review — Code review and penetration testing
## Severity Classification (CVSS)
| Score | Rating | SLA |
|---|---|---|
| 9.0-10.0 | Critical | 24 hours |
| 7.0-8.9 | High | 7 days |
| 4.0-6.9 | Medium | 30 days |
| 0.1-3.9 | Low | 90 days |
## Remediation Process
- Identify — Automated scanning and alerting
- Assess — Determine severity and impact
- Prioritize — Risk-based prioritization
- Remediate — Patch, upgrade, or mitigate
- Verify — Confirm fix is effective
- Document — Record actions taken
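As an added example (not code from the skill file or the riksdagsmonitor project), the following JavaScript encodes the severity table above and walks the Identify, Assess and Prioritize steps over a constructed `npm audit --json`-style report. The package names, advisory ids and scores are made up, and treating a 0.0 score as rating "None" with no SLA is an assumption made for the example rather than something the skill file states.

```javascript
// Added example, not code from the skill file: classify a CVSS base score with
// the severity table above, derive the SLA deadline, and turn an `npm audit --json`
// style report (constructed sample below) into a prioritized remediation queue.

// Severity bands and SLAs exactly as in the table; hours are derived from the days.
const SEVERITY_SLA = [
  { rating: 'Critical', min: 9.0, max: 10.0, slaHours: 24 },
  { rating: 'High',     min: 7.0, max: 8.9,  slaHours: 7 * 24 },
  { rating: 'Medium',   min: 4.0, max: 6.9,  slaHours: 30 * 24 },
  { rating: 'Low',      min: 0.1, max: 3.9,  slaHours: 90 * 24 },
];

// Map a CVSS base score (0.0-10.0) to its rating and SLA in hours.
// A score of exactly 0.0 is outside the table; this example reports it as
// 'None' with no SLA (an assumption, not something the skill file states).
function classify(score) {
  if (typeof score !== 'number' || !Number.isFinite(score) || score < 0 || score > 10) {
    throw new RangeError(`CVSS score out of range: ${score}`);
  }
  const rounded = Math.round(score * 10) / 10; // CVSS scores carry one decimal
  if (rounded === 0) return { rating: 'None', slaHours: null };
  const band = SEVERITY_SLA.find((b) => rounded >= b.min && rounded <= b.max);
  return { rating: band.rating, slaHours: band.slaHours };
}

// SLA deadline, measured from the moment the finding was detected.
function dueDate(detectedAt, slaHours) {
  return new Date(detectedAt.getTime() + slaHours * 60 * 60 * 1000);
}

// Constructed sample shaped like `npm audit --json` (npm 7+). Package names,
// advisory ids, titles and scores are made up for this example.
const SAMPLE_AUDIT = {
  vulnerabilities: {
    'example-http-client': {
      name: 'example-http-client',
      via: [{ source: 1000001, title: 'Constructed advisory A', cvss: { score: 9.1 }, range: '<3.2.0' }],
      fixAvailable: true,
    },
    'example-template': {
      name: 'example-template',
      via: [{ source: 1000002, title: 'Constructed advisory B', cvss: { score: 5.3 }, range: '<1.9.4' }],
      fixAvailable: false,
    },
    'example-logger': {
      name: 'example-logger',
      via: [{ source: 1000003, title: 'Constructed advisory C', cvss: { score: 7.5 }, range: '<=2.0.1' }],
      fixAvailable: true,
    },
  },
};

// Identify -> Assess -> Prioritize: flatten the report, classify each advisory,
// attach its deadline and remediation route, and sort highest risk first.
function buildRemediationQueue(audit, detectedAt) {
  const queue = [];
  for (const pkg of Object.values(audit.vulnerabilities)) {
    for (const adv of pkg.via) {
      if (typeof adv !== 'object' || !adv.cvss) continue; // npm lists transitive causes as plain strings
      const { rating, slaHours } = classify(adv.cvss.score);
      queue.push({
        package: pkg.name,
        advisory: adv.source,
        score: adv.cvss.score,
        rating,
        due: slaHours === null ? null : dueDate(detectedAt, slaHours),
        // No upstream fix: apply a compensating control and keep tracking the item.
        action: pkg.fixAvailable ? 'upgrade' : 'mitigate',
      });
    }
  }
  // Highest score first; ties broken by earliest deadline (no deadline sorts last).
  const t = (d) => (d ? d.getTime() : Number.MAX_SAFE_INTEGER);
  return queue.sort((a, b) => b.score - a.score || t(a.due) - t(b.due));
}

// Usage: node this-file.js
const detected = new Date('2024-01-01T00:00:00Z');
for (const item of buildRemediationQueue(SAMPLE_AUDIT, detected)) {
  const due = item.due ? item.due.toISOString() : 'n/a';
  console.log(`${item.rating.padEnd(8)} ${item.package.padEnd(22)} ${item.action.padEnd(8)} due ${due}`);
}
```

The queue is the input to the Remediate step: each entry already carries the deadline the SLA table implies and whether an upgrade exists, so the Verify and Document steps can check the fix against a concrete date and record which route was taken.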
## GitHub Integration
- Enable Dependabot alerts and security updates
- Configure CodeQL analysis in CI/CD
- Enable secret scanning with push protection
- Pin GitHub Actions to SHA hashes
- Use step-security/harden-runner
## CIS Controls Mapping
- CIS Control 7 — Continuous Vulnerability Management
- CIS Control 16 — Application Software Security
## ISO 27001 Mapping
- A.8.8 — Management of technical vulnerabilities
- A.8.9 — Configuration management
## Related Policies
Source repository: hack23/riksdagsmonitor