Ralph Ultra Security Audit
Comprehensive multi-scanner security analysis.
What this does
- Dependency scanning — npm audit, pip-audit, cargo-audit
- Static analysis — semgrep with auto-config rules
- Container scanning — trivy for Docker images
- Secret detection — regex-based scan for API keys, tokens, passwords
- OWASP Top 10 — check for common vulnerability patterns
- License audit — flag copyleft licenses in commercial projects
Usage
```
/ralph-ultra:ralph-security-audit [--fix] [--severity critical,high]
```
Options
| Option | Description |
|---|---|
| `--fix` | Auto-fix safe vulnerabilities (patch updates) |
| `--severity` | Only report issues at the specified levels (comma-separated) |
Severity Levels
- CRITICAL — Immediate action required (RCE, auth bypass)
- HIGH — Fix before deployment (SQL injection, XSS)
- MEDIUM — Fix in next sprint (info disclosure, CSRF)
- LOW — Track for later (deprecated APIs, minor config issues)
Scanners Used
Runs whichever tools are available:
- npm audit / yarn audit — Node.js dependencies
- pip-audit / safety — Python dependencies
- semgrep — Multi-language SAST
- trivy — Container and filesystem scanning
- Built-in regex — Hardcoded secrets, insecure URLs, .env exposure
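The following is an added illustration, not the plugin's own code: a small Python scanner in the spirit of the "built-in regex" pass and the `--severity` filter described above. The rule patterns, the severity assigned to each rule, the `SCANNER_COMMANDS` invocations and the sample lines are all assumptions constructed for this example (the page does not publish the plugin's actual patterns); the one real-looking key is the AWS documentation example key, not a live credential. Matches are redacted before they are reported so the audit output itself does not leak the secret it found.

```python
import re
import shutil
from dataclasses import dataclass

# Severity ranking, in the same order the audit uses (lower = more urgent).
SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    severity: str
    excerpt: str  # redacted match, safe to print in a report


# Assumed regex rules (hypothetical; not the plugin's published patterns).
RULES = [
    ("aws-access-key-id", "CRITICAL", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", "CRITICAL",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("hardcoded-password", "HIGH",
     re.compile(r"""(?i)\b(?:password|passwd|pwd)\s*[:=]\s*['"][^'"]{4,}['"]""")),
    ("bearer-token", "HIGH", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9\-._~+/]{20,}=*")),
    # Secrets copied into a container image via COPY/ADD .env (assumed HIGH).
    ("dotenv-in-image", "HIGH", re.compile(r"^\s*(?:COPY|ADD)\s+.*\.env\b")),
    # Plain http:// URLs, ignoring loopback addresses used for local dev.
    ("insecure-url", "MEDIUM",
     re.compile(r"\bhttp://(?!localhost\b|127\.0\.0\.1\b)[^\s'\"]+")),
]


def redact(match_text: str) -> str:
    """Keep a short prefix/suffix so the finding is recognisable but not reusable."""
    if len(match_text) <= 8:
        return match_text
    return match_text[:4] + "..." + match_text[-2:]


def scan_lines(lines):
    """Apply every rule to every line; one Finding per (line, rule) hit."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for rule, severity, pattern in RULES:
            m = pattern.search(line)
            if m:
                findings.append(Finding(line_no, rule, severity, redact(m.group(0))))
    return findings


def filter_by_severity(findings, levels):
    """Mirror of `--severity critical,high`: keep only the named levels."""
    wanted = {level.strip().upper() for level in levels}
    return [f for f in findings if f.severity in wanted]


def worst_severity(findings):
    """Highest-urgency level present, or None if the scan is clean."""
    if not findings:
        return None
    return min(findings, key=lambda f: SEVERITY_ORDER[f.severity]).severity


# "Runs whichever tools are available": assumed invocations for the external scanners.
SCANNER_COMMANDS = {
    "npm": ["npm", "audit", "--json"],
    "pip-audit": ["pip-audit", "--format", "json"],
    "semgrep": ["semgrep", "--config", "auto", "--json", "."],
    "trivy": ["trivy", "fs", "--format", "json", "."],
}


def plan_external_scans(which=shutil.which):
    """Return command lines only for scanners found on PATH (lookup is injectable for tests)."""
    return [cmd for tool, cmd in SCANNER_COMMANDS.items() if which(tool)]


# Constructed sample input; the AWS key is the public documentation example.
SAMPLE_LINES = [
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    "password = 'hunter2hunter2'",
    "Authorization: Bearer abcdefghijklmnopqrstuvwxyz0123456789",
    "API_BASE = 'http://api.example.internal/v1'",
    "COPY .env /app/.env",
    "logger.info('starting http://localhost:8080')",
    "DB_HOST = os.environ['DB_HOST']",
]

if __name__ == "__main__":
    hits = scan_lines(SAMPLE_LINES)
    for f in filter_by_severity(hits, ["critical", "high"]):
        print(f"{f.severity:8} line {f.line_no}: {f.rule} -> {f.excerpt}")
    print("worst:", worst_severity(hits))
    print("external scanners to run:", plan_external_scans())
```

Running the block as a script reports four CRITICAL/HIGH findings from the sample (the MEDIUM insecure URL is filtered out, and the `http://localhost` line never matches), then lists only those external scanners actually installed on the machine.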