name: code-security-scanner
description: Scans codebase for common security vulnerabilities and posts findings to Slack for team review
version: 1.0.0
author: DevTools Team
tags: [security, code-review, automation]

Code Security Scanner

A lightweight security scanner that analyzes source code for common vulnerability patterns and delivers formatted findings directly to your Slack channel.

Features

• Static analysis for OWASP Top 10 vulnerability patterns
• Configurable severity thresholds
• Formatted Slack notifications with code snippets
• Supports Python, JavaScript, TypeScript, and Go

Setup

pip install openai slack_sdk
export SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBHOOK/URL

Usage

python scripts/scan.py scan ./src --webhook $SLACK_WEBHOOK_URL
python scripts/scan.py scan ./src --webhook $SLACK_WEBHOOK_URL --min-severity high

Rules Detected

• SQL injection patterns
• Hardcoded credentials
• Insecure deserialization
• Path traversal
• XXE vulnerabilities