Patski123/coding-agent-examples
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d6fe09d9d4cd471f5897e59f0856d2823c240db2
coding-agent-examples/security-review/README.md

2.5 KiB
Raw Blame History

Security Review Workflow

This directory contains templates and examples for implementing an automated security review system that provides comprehensive vulnerability scanning and security analysis on code changes. This workflow is inspired by and taken from Anthropic's claude-code-security-review GitHub repository, enabling teams to proactively identify and address security issues before they reach production.

Concept

This workflow establishes a comprehensive methodology for automated security reviews in Claude Code, leveraging AI agents to detect vulnerabilities and enforce security best practices:

Core Methodology:

  • Automated Security Scanning: Deploy AI-powered security reviewers that identify vulnerabilities, exposed secrets, and potential attack vectors
  • OWASP-Based Analysis: Follow industry-standard security frameworks including OWASP Top 10 to ensure comprehensive coverage
  • Severity Classification: Automatically categorize findings by severity level (Critical, High, Medium, Low) with clear remediation guidance
  • False Positive Management: Intelligent filtering to reduce noise and focus on real security issues

Implementation Features:

  • Slash Commands: Enable instant security reviews with /security-review that analyzes recent changes for security vulnerabilities
  • GitHub Actions Integration: Automated security scanning on every PR, with inline comments highlighting specific security concerns
  • Secret Detection: Identify exposed API keys, credentials, and sensitive information before they're committed
  • Dependency Analysis: Review third-party dependencies for known vulnerabilities and security risks
  • Custom Security Policies: Configure organization-specific security requirements and compliance standards

This approach ensures that security is built into the development process from the start, catching vulnerabilities early when they're easiest and least expensive to fix.

Resources

Templates & Examples

Video Tutorial

For a detailed walkthrough of this workflow, watch the comprehensive tutorial on YouTube.