---
name: security-scan
description: Run security scans (npm audit + optional Semgrep) and write evidence to reports/security/.
disable-model-invocation: true
argument-hint: '[mode=pr|nightly]'
allowed-tools: Read, Grep, Glob, Bash(npm audit *), Bash(semgrep *)
---

# Security Scan

Run the security scans (npm audit + optional Semgrep) and write the resulting evidence to the `reports/security/` directory.

## Commands

- `npm audit --audit-level=high`
- If Semgrep is available: `semgrep --config p/ci`

## Evidence

- Write `reports/security/SECURITY_REPORT.md` with:
  - Findings summary
  - Remediation plan
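The skill only names the two commands and the two report sections; the step in between, turning tool output into the evidence file, is left to the agent. The following is an added example (not part of the skill) of that step: it parses `npm audit --json` (npm's `auditReportVersion` 2 shape) and `semgrep --json` output, applies the same "high or above" threshold that `--audit-level=high` uses as a gate, and renders `SECURITY_REPORT.md` with a findings summary and a remediation plan. The two JSON documents, the package names, the rule id and the function names are constructed for this example; the mapping of Semgrep's ERROR/WARNING/INFO onto npm's severity ladder is a choice made here, not something either tool defines.

```python
"""Build reports/security/SECURITY_REPORT.md from `npm audit --json` and
`semgrep --json` output.  Added example, not part of the skill; sample JSON
and function names are this example's own."""
from __future__ import annotations

import json
from pathlib import Path

# npm's severity ladder; `--audit-level=high` fails only on the top two rungs,
# and meets_gate() below applies the same threshold to both tools' findings.
NPM_LEVELS = ["info", "low", "moderate", "high", "critical"]

# Semgrep reports ERROR/WARNING/INFO; mapping onto npm's ladder is a choice
# made for this example so one summary and one gate can cover both tools.
SEMGREP_TO_NPM = {"ERROR": "high", "WARNING": "moderate", "INFO": "low"}

# Constructed `npm audit --json` document (auditReportVersion 2 shape).
NPM_AUDIT_SAMPLE = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "example-parser": {
            "name": "example-parser", "severity": "high", "range": "<2.0.0",
            "via": [{"title": "Prototype pollution (constructed advisory)",
                     "url": "https://example.invalid/advisory/0"}],
            "fixAvailable": {"name": "example-parser", "version": "2.0.1",
                             "isSemVerMajor": True},
        },
        "example-logger": {
            "name": "example-logger", "severity": "moderate", "range": "*",
            "via": ["example-parser"],  # affected only through example-parser
            "fixAvailable": False,
        },
    },
})

# Constructed `semgrep --config p/ci --json` document (rule id is made up).
SEMGREP_SAMPLE = json.dumps({
    "results": [{
        "check_id": "example.rules.constructed-finding",
        "path": "src/server.js",
        "start": {"line": 42},
        "extra": {"severity": "ERROR",
                  "message": "Request data written to the response unescaped."},
    }],
    "errors": [],
})


def npm_findings(audit_json: str) -> list[dict]:
    """One finding per vulnerable package; remediation comes from npm's
    fixAvailable field (True, False, or an object naming the upgrade)."""
    findings = []
    for name, vuln in json.loads(audit_json).get("vulnerabilities", {}).items():
        fix = vuln.get("fixAvailable")
        if isinstance(fix, dict):
            major = " (semver-major, needs `npm audit fix --force`)" if fix.get("isSemVerMajor") else ""
            remediation = f"upgrade {fix['name']} to {fix['version']}{major}"
        elif fix is True:
            remediation = "run `npm audit fix`"
        else:
            remediation = "no automatic fix; replace or isolate the package"
        # A dict in `via` is an advisory against this package itself; a plain
        # string means it is only reached through another vulnerable package.
        direct = any(isinstance(v, dict) for v in vuln.get("via", []))
        findings.append({"source": "npm audit", "id": name, "severity": vuln["severity"],
                         "direct": direct, "remediation": remediation})
    return findings


def semgrep_findings(semgrep_json: str) -> list[dict]:
    """One finding per Semgrep result, located by rule id and file:line."""
    return [{
        "source": "semgrep",
        "id": f"{r['check_id']} at {r['path']}:{r['start']['line']}",
        "severity": SEMGREP_TO_NPM.get(r["extra"]["severity"], "low"),
        "direct": True,
        "remediation": r["extra"]["message"],
    } for r in json.loads(semgrep_json).get("results", [])]


def meets_gate(findings: list[dict], level: str = "high") -> bool:
    """True when nothing at or above `level` was found (the --audit-level gate)."""
    threshold = NPM_LEVELS.index(level)
    return all(NPM_LEVELS.index(f["severity"]) < threshold for f in findings)


def render_report(findings: list[dict], mode: str = "pr") -> str:
    """Markdown with the two sections the skill requires plus the gate result."""
    by_level = [(lvl, sum(f["severity"] == lvl for f in findings)) for lvl in reversed(NPM_LEVELS)]
    lines = ["# Security Report", "", f"Mode: {mode}", "", "## Findings summary", ""]
    lines += [f"- {lvl}: {n}" for lvl, n in by_level if n] or ["- no findings"]
    lines += ["", "## Remediation plan", ""]
    for f in sorted(findings, key=lambda f: -NPM_LEVELS.index(f["severity"])):
        lines.append(f"- [{f['severity']}] {f['source']}: {f['id']} -> {f['remediation']}")
    lines += ["", f"Gate (high or above): {'PASS' if meets_gate(findings) else 'FAIL'}"]
    return "\n".join(lines) + "\n"


def write_report(findings: list[dict], mode: str = "pr",
                 out_dir: str = "reports/security") -> Path:
    """Write the evidence file where the skill expects it and return its path."""
    path = Path(out_dir) / "SECURITY_REPORT.md"
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(render_report(findings, mode), encoding="utf-8")
    return path


if __name__ == "__main__":
    # Real runs: `npm audit --json > npm.json` and `semgrep --config p/ci --json > semgrep.json`,
    # then feed the file contents to the two parsers instead of the samples.
    all_findings = npm_findings(NPM_AUDIT_SAMPLE) + semgrep_findings(SEMGREP_SAMPLE)
    print(write_report(all_findings, mode="pr").read_text(encoding="utf-8"))
```

The `mode` value comes from the skill's `[mode=pr|nightly]` argument and is only recorded in the report here; the exit status of `npm audit --audit-level=high` is still the authoritative gate in CI, and `meets_gate()` simply reproduces that threshold so the written evidence states the same verdict.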