SecOpsAgentKit is a security operations toolkit for AI coding agents. It provides Claude Code with 25+ skills to catch vulnerabilities, scan containers, detect secrets, and enforce policies automatically. It benefits security teams and developers by integrating security checks into the coding workflow.
git clone https://github.com/AgentSecOps/SecOpsAgentKit.git
1. Install SecOpsAgentKit tools in your project environment. For Claude Code users: `pip install secops-agent-kit` and configure API keys for your scanners (Trivy, Grype, Gitleaks, etc.). For Docker users: `docker pull secops/agentkit:latest`.
   Tip: Ensure your scanner tools are updated to their latest versions to avoid false negatives. Use `secops-agent-kit update-scanners` to synchronize versions.
2. Run the full security scan suite using the provided prompt template. Replace [PLACEHOLDERS] with your project paths, image names, and policy requirements. Example: `secops-agent-kit scan --project /workspace/my-app --image my-app:latest --policies owasp-top10`.
   Tip: For large projects, run scans incrementally (e.g., SCA first, then container scan) to manage resource usage. Use `--severity critical,high` to focus on high-risk items.
3. Review the generated report in the console output or export to JSON/HTML for documentation. Use `secops-agent-kit report --format html --output security-report.html` to generate a shareable report.
   Tip: Prioritize remediation based on the risk score and CVSS ratings. Focus on critical vulnerabilities first, then address high-severity findings within 24-48 hours.
4. Integrate SecOpsAgentKit into your CI/CD pipeline. Add a step in your GitHub Actions, GitLab CI, or Jenkins pipeline to run `secops-agent-kit scan` on every push to main. Fail the build on critical vulnerabilities.
   Tip: Use `--fail-on critical` flag in CI to enforce security gates. Example: `secops-agent-kit scan --project . --fail-on critical,high`.
5. Set up automated policy enforcement. Use `secops-agent-kit enforce --policy no-secrets --directory src/` to block commits containing secrets. Configure pre-commit hooks to run before pushes.
   Tip: Customize policies by creating a `.secops-policies.yaml` file in your project root. Example: `policies: no-hardcoded-api-keys: pattern: 'apiKey\s*=\s*["\'].*["\']'`
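The `.secops-policies.yaml` tip in step 5 quotes a single regex. The following added example (not part of the original page or of SecOpsAgentKit) runs that pattern over constructed source lines to show which hardcoded credentials it catches and which it misses. The `aws-key-id` and `wider-api-key` rules and the sample lines are assumptions made for illustration.

```python
import re

# Pattern quoted in the page's .secops-policies.yaml tip (JSON escaping removed).
PAGE_PATTERN = re.compile(r"""apiKey\s*=\s*["'].*["']""")

# Assumption (not from the page): long-term AWS access key IDs are "AKIA"
# followed by 16 uppercase letters or digits.
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")

# Assumption: a hypothetical wider rule that ignores case, accepts api_key /
# api-key spellings, and allows ":" as well as "=" before a quoted literal.
WIDER_API_KEY = re.compile(r"""(?i)\bapi[_-]?key\b["']?\s*[:=]\s*["'][^"']{8,}["']""")

RULES = {
    "page-pattern": PAGE_PATTERN,
    "aws-key-id": AWS_KEY_ID,
    "wider-api-key": WIDER_API_KEY,
}

# Constructed sample lines; AKIAIOSFODNN7EXAMPLE is the value quoted in the
# page's sample report, the other values are made up.
SAMPLE = [
    'const apiKey = "constructed-value-0001";',
    'const api_key = "constructed-value-0002";',
    'module.exports = { apiKey: "constructed-value-0003" };',
    'const accessKeyId = "AKIAIOSFODNN7EXAMPLE";',
    'const apiKey = process.env.API_KEY;',
    'const mode = process.env.NODE_ENV;',
]

def evaluate(lines, rules=RULES):
    """Map 1-based line number -> sorted names of the rules that matched."""
    hits = {}
    for number, line in enumerate(lines, start=1):
        matched = sorted(name for name, rx in rules.items() if rx.search(line))
        if matched:
            hits[number] = matched
    return hits

def missed_by(rule, lines, rules=RULES):
    """Line numbers flagged by at least one rule but not by `rule`."""
    return [n for n, names in evaluate(lines, rules).items() if rule not in names]

if __name__ == "__main__":
    for number, names in evaluate(SAMPLE).items():
        print(f"line {number}: {', '.join(names)}")
    print("missed by the page's pattern:", missed_by("page-pattern", SAMPLE))
```

Sample lines 2 to 4 are flagged only by the added rules, so a policy file holding just the quoted pattern works best alongside a dedicated secret scanner such as the Gitleaks integration the page lists.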
No install command available. Check the GitHub repository for manual installation instructions.
git clone https://github.com/AgentSecOps/SecOpsAgentKit
Copy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Act as a SecOpsAgentKit security expert. Use the following tools to analyze [PROJECT_PATH] for security risks: 1) Run a SCA scan with [SCANNER_TOOL] to identify vulnerable dependencies. 2) Perform a container image scan on [IMAGE_NAME:TAG] using [SCANNER_TOOL] for CVEs and misconfigurations. 3) Check for exposed secrets in [DIRECTORY_PATH] with [SCANNER_TOOL]. 4) Enforce [POLICY_NAME] policy (e.g., no hardcoded passwords) and generate a report. Prioritize findings by severity and suggest remediation steps for each. Include false positive checks where applicable.
## Security Analysis Report for Acme Corp - E-Commerce Platform

**Project:** `/workspace/acme-ecommerce` | **Scan Time:** 2024-05-15T14:30:00Z

### 1. Software Composition Analysis (SCA) Results

- **Critical:** 1 vulnerability found in `lodash@4.17.21` (CVE-2021-23337) - Prototype Pollution. Impact: Remote code execution. **Remediation:** Upgrade to `lodash@4.17.4` or higher.
- **High:** 3 outdated dependencies flagged (express@4.17.1, axios@0.21.1, moment@2.29.1). **Remediation:** Update to latest stable versions.
- **False Positive Check:** Verified no direct prototype pollution in application code via manual review.

### 2. Container Security Scan (Image: `acme-ecommerce:2.1.0`)

- **Critical:** Privilege escalation vulnerability in base image `alpine:3.18` (CVE-2024-28981). **Remediation:** Rebuild with `alpine:3.19` or use distroless images.
- **High:** Default credentials in Redis container (`REDIS_PASSWORD=admin123`). **Remediation:** Rotate all default passwords and implement Kubernetes Secrets.
- **Medium:** Unencrypted Docker socket mounted at `/var/run/docker.sock`. **Remediation:** Remove socket mount or implement strict volume permissions.

### 3. Secret Detection Results

- **Critical:** Found AWS access key in `config/production.js` (Line 42): `AKIAIOSFODNN7EXAMPLE`. **Remediation:** Immediately revoke key and rotate credentials. Use AWS Parameter Store for secrets.
- **High:** GitHub PAT exposed in CI workflow (`/.github/workflows/deploy.yml`). **Remediation:** Store in GitHub Secrets with restricted access.
- **False Positive:** 12 instances of `process.env.NODE_ENV` flagged as potential secrets (all confirmed safe).

### 4. Policy Enforcement (OWASP Top 10 Compliance)

- **Failed:** Policy `no-hardcoded-passwords` violated in 3 files. All passwords replaced with environment variables.
- **Passed:** Policy `no-admin-in-production` complied with (admin roles removed from production config).

**Action Items:**

1. Upgrade lodash and other dependencies (ETA: 2 days)
2. Rebuild container images with updated base (ETA: 1 day)
3. Rotate all exposed credentials (ETA: 4 hours)
4. Implement secret scanning in CI pipeline (ETA: 1 week)

**Risk Score:** 8.2/10 (Critical: 1, High: 4, Medium: 2)

*Note: All findings verified by SecOpsAgentKit v2.3.1 with Trivy, Grype, and Gitleaks.*