Apply security threat model framework
security-core skill setup L1 ★0
Sheshiyer/skill-clusters
What it does
Run security baseline checks on code and infrastructure
Best for
Continuous security validation when shipping code or IaC to production
Inputs
- code directory or infra-as-code files
Outputs
- security checklist (passed/failed)
- CVSS scores for found issues
- remediation steps
Requires
- Semgrep OR Checkov
- Trivy (for container images)
Preconditions
Code or IaC files accessible; scanner tool installed
Failure modes
- Scanners produce false positives on compliant code
- Custom rules not loaded if config missing
Trust signals
- Supports industry standards (OWASP, CIS Benchmarks)
- CVSS scoring included