Skills

vulnerability-management

Installation
SKILL.md

Vulnerability Management Skill

Purpose

Defines vulnerability management processes for identifying, assessing, prioritizing, and remediating security vulnerabilities.

Vulnerability Sources

  • Dependabot — Dependency vulnerability alerts
  • CodeQL — Static analysis security findings
  • Secret Scanning — Exposed credentials detection
  • npm audit — Node.js dependency vulnerabilities
  • Manual Review — Code review and penetration testing

Severity Classification (CVSS)

Score Rating SLA
9.0-10.0 Critical 24 hours
7.0-8.9 High 7 days
4.0-6.9 Medium 30 days
0.1-3.9 Low 90 days

Remediation Process

  1. Identify — Automated scanning and alerting
  2. Assess — Determine severity and impact
  3. Prioritize — Risk-based prioritization
  4. Remediate — Patch, upgrade, or mitigate
  5. Verify — Confirm fix is effective
  6. Document — Record actions taken

GitHub Integration

  • Enable Dependabot alerts and security updates
  • Configure CodeQL analysis in CI/CD
  • Enable secret scanning with push protection
  • Pin GitHub Actions to SHA hashes
  • Use step-security/harden-runner

CIS Controls Mapping

  • CIS Control 7 — Continuous Vulnerability Management
  • CIS Control 16 — Application Software Security

ISO 27001 Mapping

  • A.8.8 — Management of technical vulnerabilities
  • A.8.9 — Configuration management

Related Policies

Related skills

More from hack23/riksdagsmonitor

Installs
25
Repository
hack23/riksdagsmonitor
GitHub Stars
8
First Seen
Mar 4, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass