scan

Run repository scanning tools to comprehensively check security, deprecation status, and compliance.

SKILL.md
---
name: scan
description: Run repository scanning tools for security, deprecation, and compliance checks
argument-hint: "<type> [options]"
allowed-tools:
  - Bash(./scripts/tls13-compliance-checker.sh:*)
  - Bash(./scripts/xcrypto-lookup.sh:*)
  - Bash(./scripts/gomock-lookup.sh:*)
  - Bash(./scripts/ioutil-deprecation-checker.sh:*)
  - Bash(./scripts/golangci-lint-checker.sh:*)
  - Bash(./scripts/go-version-checker.sh:*)
  - Bash(./scripts/ubi-lookup.sh:*)
  - Read
---

Repository Scanner

Run various repository scanning tools to check for security issues, deprecated code patterns, and compliance across Red Hat organizations.

Arguments: "$ARGUMENTS"

Available Scan Types

| Type | Script | Description |
|------|--------|-------------|
| tls | tls13-compliance-checker.sh | TLS configuration issues (InsecureSkipVerify, weak versions) |
| xcrypto | xcrypto-lookup.sh | golang.org/x/crypto direct usage and version tracking |
| gomock | gomock-lookup.sh | Deprecated golang/mock usage (should use go.uber.org/mock) |
| ioutil | ioutil-deprecation-checker.sh | Deprecated io/ioutil usage (removed in Go 1.19+) |
| golangci-lint | golangci-lint-checker.sh | Outdated golangci-lint versions |
| go-version | go-version-checker.sh | Outdated Go versions in go.mod files |
| ubi | ubi-lookup.sh | UBI image version usage in Dockerfiles |
| all | All of the above | Run all scanners sequentially |

Workflow

1. Parse Arguments

Parse "$ARGUMENTS" to determine:

  • Scan type: One of the types above, or all
  • Options: Pass-through options like --force, --help, --create-issues

If no arguments are provided, show the available scan types and ask which to run.

2. Execute the Appropriate Scanner

Based on the scan type, run the corresponding script:

```bash
# TLS compliance scan
./scripts/tls13-compliance-checker.sh [options]

# x/crypto usage scan
./scripts/xcrypto-lookup.sh [options]

# gomock deprecation scan
./scripts/gomock-lookup.sh [options]

# io/ioutil deprecation scan
./scripts/ioutil-deprecation-checker.sh [options]

# golangci-lint version scan
./scripts/golangci-lint-checker.sh [options]

# Go version scan
./scripts/go-version-checker.sh [options]

# UBI image scan
./scripts/ubi-lookup.sh [options]
```

3. For "all" Scan Type

Run each scanner in sequence, collecting results:

  1. TLS compliance
  2. x/crypto usage
  3. gomock deprecation
  4. io/ioutil deprecation
  5. golangci-lint versions
  6. Go versions
  7. UBI images

4. Report Results

After the scan completes:

  • Summarize findings
  • Note any generated report files (e.g., tls13-compliance-report.md)
  • Highlight critical/high severity issues if any
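
The four workflow steps above (parse the scan type, dispatch to the matching script, run every scanner for `all`, summarize) can be sketched as one dispatcher. This is an added example, not part of the skill or its scripts: `run_scan`, `scan_script`, `SCRIPT_DIR`, `SCAN_ORDER` and `FAILED` are assumed names, and only the scan types and script names come from the table.

```bash
#!/usr/bin/env bash
# Added example: dispatcher for the scan types listed in the table above.
# SCRIPT_DIR, SCAN_ORDER, FAILED and both function names are assumptions.
SCRIPT_DIR="${SCRIPT_DIR:-./scripts}"
SCAN_ORDER="tls xcrypto gomock ioutil golangci-lint go-version ubi"
FAILED=""

# Map a scan type to its script. Input is matched against a fixed list and is
# never interpolated into a path, so "../x" or "tls;id" cannot select a file.
scan_script() {
  case "$1" in
    tls)           echo "tls13-compliance-checker.sh" ;;
    xcrypto)       echo "xcrypto-lookup.sh" ;;
    gomock)        echo "gomock-lookup.sh" ;;
    ioutil)        echo "ioutil-deprecation-checker.sh" ;;
    golangci-lint) echo "golangci-lint-checker.sh" ;;
    go-version)    echo "go-version-checker.sh" ;;
    ubi)           echo "ubi-lookup.sh" ;;
    *)             return 1 ;;
  esac
}

# run_scan <type|all> [options...]
# Returns 0 if every scanner succeeded, 1 if any failed, 2 on bad usage.
run_scan() {
  FAILED=""
  if [ "$#" -eq 0 ]; then
    echo "usage: run_scan <type> [options]; types: $SCAN_ORDER all" >&2
    return 2
  fi
  if [ "$1" = "all" ]; then
    scan_list="$SCAN_ORDER"
  elif scan_script "$1" >/dev/null; then
    scan_list="$1"
  else
    echo "unknown scan type: $1" >&2
    return 2
  fi
  shift
  # scan_list now holds only validated names, so word splitting is safe here.
  for scan_type in $scan_list; do
    script="$(scan_script "$scan_type")"
    echo "== $scan_type: $script $*"
    # "$@" forwards options (--force, --create-issues, ...) as separate words.
    "$SCRIPT_DIR/$script" "$@" || FAILED="${FAILED:+$FAILED }$scan_type"
  done
  echo "failed scanners: ${FAILED:-none}"
  [ -z "$FAILED" ]
}
```

A failing scanner does not stop an `all` run; the remaining scanners still execute and the failed types are collected in `FAILED` for the final report.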

Usage Examples

Show available scans:

```
/scan
```

Run TLS compliance scan:

```
/scan tls
```

Run x/crypto scan with issue creation:

```
/scan xcrypto --create-issues
```

Run all scans:

```
/scan all
```

Force refresh (ignore cache):

```
/scan tls --force
```

Get help for a specific scanner:

```
/scan gomock --help
```

Common Options

Most scanners support these options:

| Option | Description |
|--------|-------------|
| --help, -h | Show help for the specific scanner |
| --force, -f | Force refresh, ignore cached results |
| --create-issues | Create GitHub issues for findings (where supported) |
| --no-tracking | Skip updating central tracking issues |

Notes

  • All scans use the shared cache system in scripts/caches/
  • Scans automatically skip forks, abandoned repos, and repos without go.mod
  • Results are cached for 6 hours by default
  • The TLS scan supports --mode api for CI/CD environments