🛡️ Security Vulnerability Scanner

Scan your projects for security vulnerabilities, prioritize by severity, and suggest fixes

Level: intermediate | ⏱ 35 minutes | 🔄 9 swappable alternatives

🧂 Ingredients

🔌 APIs

vulnerability_scanning_and_fix_recommendations

🔄 Alternatives:

• Dependabot — Free, built into GitHub
• SonarQube — Broader code quality analysis

repository_access_and_pr_creation_for_fixes

🔄 Alternatives:

• GitLab — Built-in CI/CD, self-hostable
• Bitbucket — Atlassian ecosystem integration

alert_on_critical_and_high_severity_vulnerabilities

🔄 Alternatives:

• Discord — Free, great for communities
• Telegram — Simple bot API, no approval needed
• Teams — Enterprise/Office 365 integration

track_vulnerability_history_and_remediation_progress

🔄 Alternatives:

• Airtable — Better for structured data + API
• Notion Databases — More flexible views

📋 Step-by-Step Build Guide

STEP 1

1. Connect to Snyk API and link your GitHub repositories for scanning

Steps:
1. Validate all required inputs are available
2. Execute the operation described above
3. Verify the result meets expected output format
4. Handle errors gracefully — retry transient failures, log and alert on persistent ones
5. Return structured output with status and any relevant data

If any required data is missing, request it from the user before proceeding.

🧑 Human Required

Connect the API
1. Sign up for the service if you don't have an account
2. Find the API settings in your account dashboard
3. Generate an API key or access token
4. Share the key with your agent when prompted

💡 Most services have a free tier that's sufficient to get started.

STEP 2

2. Run weekly vulnerability scans across all monitored projects

Steps: same generic procedure as in Step 1.

STEP 3

3. For each vulnerability: severity (critical/high/medium/low), affected package, exploitability, fix available?

Steps: same generic procedure as in Step 1.

STEP 4

4. Prioritize: Critical with exploit available > Critical > High > Medium > Low

Analyze the input and classify it into the defined categories.

Classification approach:
1. Extract key signals from the content (keywords, sender, urgency markers, topic)
2. Match against category definitions
3. Assign confidence score (high/medium/low)
4. For ambiguous cases, classify as the more important/urgent category (err on the side of caution)

Output for each item: { category, priority, confidence, reasoning }

If an item could belong to multiple categories, pick the primary one and note the secondary.
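
The ranking rule in Step 4 and the { category, priority, confidence, reasoning } output, worked through as an added Python example (not part of the original recipe). The Finding fields are an assumed normalised shape for what Step 3 collects, not the Snyk API schema, and the handling of unrecognised severity labels (treated as high, confidence low) is an assumption based on the "err on the side of caution" rule above.

```python
"""Step 4 ranking: Critical with exploit available > Critical > High > Medium > Low.

Added example, not part of the original recipe. The Finding fields are an
assumed normalised shape (what Step 3 collects), not the Snyk API schema.
"""
from dataclasses import dataclass

# Higher rank = more urgent. "critical" with a public exploit gets +1 on top.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass(frozen=True)
class Finding:
    package: str             # affected package name
    severity: str            # scanner label: critical / high / medium / low
    exploit_available: bool  # exploitability signal collected in Step 3
    fix_available: bool      # whether an upgraded version exists


def _normalise(severity: str):
    """Map a scanner label to a known tier and a confidence.
    Unknown labels become 'high' with low confidence (assumption: Step 4's
    'err on the side of caution' rule applied to unrecognised severities)."""
    sev = severity.strip().lower()
    if sev in SEVERITY_RANK:
        return sev, "high"
    return "high", "low"


def priority_key(f: Finding) -> int:
    """Numeric priority: 5 critical+exploit, 4 critical, 3 high, 2 medium, 1 low."""
    sev, _ = _normalise(f.severity)
    rank = SEVERITY_RANK[sev]
    if sev == "critical" and f.exploit_available:
        rank += 1
    return rank


def classify(f: Finding) -> dict:
    """Produce the { category, priority, confidence, reasoning } record Step 4 asks for."""
    sev, confidence = _normalise(f.severity)
    category = "critical-exploitable" if sev == "critical" and f.exploit_available else sev
    reasons = [f"scanner severity '{f.severity}'"]
    if f.exploit_available:
        reasons.append("public exploit available")
    reasons.append("fix available" if f.fix_available else "no fix available")
    if confidence == "low":
        reasons.append("unrecognised severity label, treated as high")
    return {
        "package": f.package,
        "category": category,
        "priority": priority_key(f),
        "confidence": confidence,
        "reasoning": "; ".join(reasons),
    }


def prioritize(findings):
    """Most urgent first; ties broken by package name so output is deterministic."""
    return sorted((classify(f) for f in findings),
                  key=lambda c: (-c["priority"], c["package"]))


# Constructed sample findings (package names and flags are made up).
SAMPLE_FINDINGS = [
    Finding("pkg-a", "high", exploit_available=True, fix_available=True),
    Finding("pkg-b", "Critical", exploit_available=False, fix_available=True),
    Finding("pkg-c", "critical", exploit_available=True, fix_available=True),
    Finding("pkg-d", "medium", exploit_available=False, fix_available=False),
    Finding("pkg-e", "moderate", exploit_available=False, fix_available=True),
]

if __name__ == "__main__":
    for item in prioritize(SAMPLE_FINDINGS):
        print(item["priority"], item["package"], item["category"],
              item["confidence"], "-", item["reasoning"])
```

Note that exploit availability only promotes the critical tier, exactly as the rule above is written; a high-severity finding with a public exploit still ranks below a plain critical one. If you want exploitability to reorder every tier, that is a deliberate policy change, not a bug fix.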
STEP 5

5. For vulnerabilities with available fixes, generate specific remediation steps (e.g., 'bump lodash from 4.17.15 to 4.17.21')

Steps: same generic procedure as in Step 1.

āš ļø IMPORTANT: The next step (Step 6: "Immediately alert Slack for Critical/High vulnerabilities with fix instructions") requires human action. Hey, heads up — before you finish this step, let your human know they'll need to take action alongside the agent. Don't proceed to the next step until your human confirms they're ready.
STEP 6

6. Immediately alert Slack for Critical/High vulnerabilities with fix instructions

Post a message to Slack using the Web API.

POST https://slack.com/api/chat.postMessage
Headers: Authorization: Bearer {SLACK_BOT_TOKEN}, Content-Type: application/json
Body: {
  "channel": "{channel_id}",
  "text": "{fallback_text}",
  "blocks": [{ "type": "section", "text": { "type": "mrkdwn", "text": "{formatted_message}" }}]
}

Use Slack mrkdwn formatting: *bold*, _italic_, `code`, > blockquote.
For alerts, use emoji prefixes: 🔴 critical, 🟡 warning, 🟢 success, ℹ️ info.
Keep messages scannable — use bullet points for lists.

Expected response: { "ok": true, "ts": "..." }. If ok is false, check the "error" field.
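
Steps 5 and 6 together, as an added Python example that is not part of the original recipe: it produces the "bump X from A to B" remediation line, selects only critical/high findings, builds the chat.postMessage body shown above with mrkdwn and emoji prefixes, and checks the ok/error fields of the response. The finding dict shape (package, version, fixed_in, severity), the emoji-to-severity mapping, and the channel id are assumptions; post_message() is the only function that touches the network and needs a real bot token.

```python
"""Steps 5 and 6: turn critical/high findings into a Slack chat.postMessage body
with a concrete fix line ('bump X from A to B').

Added example, not part of the original recipe. The finding dict shape
(package, version, fixed_in, severity) and the emoji-per-severity mapping are
assumptions. post_message() performs a real network call and needs a bot token.
"""
import json
from typing import Optional
from urllib import request

SLACK_URL = "https://slack.com/api/chat.postMessage"
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}
# The recipe's alert prefixes mapped onto severities (assumption).
SEVERITY_EMOJI = {"critical": "🔴", "high": "🟡", "medium": "🟡", "low": "ℹ️"}


def remediation_step(finding: dict) -> str:
    """Step 5: a specific, copy-pasteable fix, or an explicit 'no fix' note."""
    if not finding.get("fixed_in"):
        return "no fixed version published yet; track upstream and consider a workaround"
    return f"bump {finding['package']} from {finding['version']} to {finding['fixed_in']}"


def format_alert_lines(findings, severities=("critical", "high")):
    """One mrkdwn bullet per critical/high finding, most severe first."""
    selected = sorted((f for f in findings if f["severity"] in severities),
                      key=lambda f: SEVERITY_ORDER[f["severity"]])
    return [
        f"{SEVERITY_EMOJI[f['severity']]} *{f['severity'].upper()}* "
        f"`{f['package']}@{f['version']}`\n• fix: {remediation_step(f)}"
        for f in selected
    ]


def build_payload(channel_id: str, findings) -> Optional[dict]:
    """Body for POST chat.postMessage; None when nothing meets the alert bar."""
    lines = format_alert_lines(findings)
    if not lines:
        return None
    fallback = f"{len(lines)} critical/high vulnerabilities need attention"
    return {
        "channel": channel_id,
        "text": fallback,  # plain-text fallback used by notifications
        "blocks": [{"type": "section",
                    "text": {"type": "mrkdwn",
                             "text": f"*{fallback}*\n" + "\n".join(lines)}}],
    }


def check_response(body: dict) -> str:
    """Return the message ts on success; surface Slack's error field otherwise."""
    if not body.get("ok"):
        raise RuntimeError(f"Slack rejected the message: {body.get('error', 'unknown_error')}")
    return body["ts"]


def post_message(token: str, payload: dict) -> str:
    """Real send. Token is the bot token from the Human Required step."""
    req = request.Request(
        SLACK_URL, method="POST", data=json.dumps(payload).encode("utf-8"),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
    with request.urlopen(req, timeout=10) as resp:
        return check_response(json.load(resp))


# Constructed sample: the lodash versions come from the recipe's own example;
# the severities and the two other packages are made up.
SAMPLE_FINDINGS = [
    {"package": "lodash", "version": "4.17.15", "fixed_in": "4.17.21", "severity": "high"},
    {"package": "example-lib", "version": "1.0.0", "fixed_in": None, "severity": "critical"},
    {"package": "example-util", "version": "2.3.0", "fixed_in": "2.3.1", "severity": "low"},
]

if __name__ == "__main__":
    payload = build_payload("CHANNEL_ID_PLACEHOLDER", SAMPLE_FINDINGS)
    print(json.dumps(payload, indent=2, ensure_ascii=False))
```

The plain "text" field is kept even though "blocks" carries the real content: Slack uses it for push notifications and clients that cannot render blocks, so a critical alert never arrives empty. A finding without a fixed version still gets alerted, but with an explicit "no fix" line rather than a fabricated version bump.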
STEP 7

7. Auto-create PRs for simple version bump fixes on non-breaking changes

Steps: same generic procedure as in Step 1.

STEP 8

8. Weekly: security report — total vulnerabilities by severity, new this week, fixed this week, aging vulnerabilities, remediation progress

Use the GitHub API to fetch the relevant data.

GET https://api.github.com/repos/{owner}/{repo}/{endpoint}
Headers: Authorization: Bearer {GITHUB_TOKEN}, Accept: application/vnd.github.v3+json

Parse the response and extract the key fields.
Handle pagination if results exceed one page (check Link header).
Rate limit: GitHub allows 5,000 requests/hour with auth. If you get 403, check X-RateLimit-Remaining header.

Format the output concisely with the most important information first.
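The pagination and rate-limit handling described for Step 8, as an added Python example (not part of the original recipe): it follows the Link header's rel="next" URL page by page and stops with a clear exception when a 403 (or 429, which GitHub also uses for secondary limits) arrives with X-RateLimit-Remaining at 0. The fetch callable is injected so the logic runs offline against canned responses; OWNER, REPO, the choice of the dependabot/alerts endpoint for the recipe's {endpoint} placeholder, and the canned page URLs are all constructed.

```python
"""Step 8: walk every page of a GitHub list endpoint, following the Link header,
and stop cleanly when the hourly rate limit is exhausted.

Added example, not part of the original recipe. The fetch callable is injected
so the pagination logic runs offline against canned responses; OWNER, REPO,
the endpoint choice and the page URLs in the canned data are constructed.
"""
import json
import re
from urllib import error, request

GITHUB_ACCEPT = "application/vnd.github.v3+json"
# rel="next" entry of a Link header, e.g. <https://api.github.com/...&page=2>; rel="next"
LINK_NEXT = re.compile(r'<([^>]+)>;\s*rel="next"')


class RateLimited(Exception):
    """GitHub answered 403/429 with no requests left; resets at the given epoch second."""
    def __init__(self, reset_epoch: int):
        super().__init__(f"GitHub rate limit exhausted; resets at epoch {reset_epoch}")
        self.reset_epoch = reset_epoch


def next_page(link_header):
    """URL of the next page from a Link header, or None on the last page."""
    if not link_header:
        return None
    match = LINK_NEXT.search(link_header)
    return match.group(1) if match else None


def urllib_fetch(url: str, token: str):
    """Real transport: returns (status, headers, json_body_or_None)."""
    req = request.Request(url, headers={"Authorization": f"Bearer {token}",
                                        "Accept": GITHUB_ACCEPT})
    try:
        with request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), json.load(resp)
    except error.HTTPError as e:
        return e.code, dict(e.headers), None


def fetch_all(url: str, token: str, fetch=urllib_fetch) -> list:
    """Collect items from every page; raise RateLimited instead of retrying blindly."""
    items = []
    while url:
        status, headers, body = fetch(url, token)
        h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
        if status in (403, 429) and h.get("x-ratelimit-remaining") == "0":
            raise RateLimited(int(h.get("x-ratelimit-reset", "0")))
        if status != 200:
            raise RuntimeError(f"GitHub returned HTTP {status} for {url}")
        items.extend(body)
        url = next_page(h.get("link"))
    return items


# Constructed two-page response set plus one rate-limited URL (offline stand-in).
_BASE = "https://api.github.com/repos/OWNER/REPO/dependabot/alerts"
CANNED = {
    f"{_BASE}?per_page=2": (
        200,
        {"Link": f'<{_BASE}?per_page=2&page=2>; rel="next", <{_BASE}?per_page=2&page=2>; rel="last"'},
        [{"number": 1}, {"number": 2}],
    ),
    f"{_BASE}?per_page=2&page=2": (
        200,
        {"Link": f'<{_BASE}?per_page=2&page=1>; rel="prev"'},
        [{"number": 3}],
    ),
    "https://api.github.com/rate-limited-example": (
        403,
        {"x-ratelimit-remaining": "0", "x-ratelimit-reset": "1700000000"},
        None,
    ),
}


def canned_fetch(url, token):
    """Offline stand-in for urllib_fetch that serves the constructed responses."""
    return CANNED[url]


if __name__ == "__main__":
    alerts = fetch_all(f"{_BASE}?per_page=2", "TOKEN_PLACEHOLDER", fetch=canned_fetch)
    print([a["number"] for a in alerts])
```

Surfacing the reset time rather than sleeping inside the loop lets the agent report "rate limited until <time>" and reschedule, which is the "log and alert on persistent failures" behaviour the generic steps ask for; a 403 with requests remaining is a permissions problem, not a rate limit, and is raised as a plain error so it is not mistaken for one.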

🤖 Example Agent Prompt

Connect to Snyk API and link your GitHub repositories for scanning

Steps:
1. Validate all required inputs are available
2. Execute the operation described above
3. Verify the result meets expected output format
4. Handle errors gracefully — retry transient failures, log and alert on persistent ones
5. Return structured output with status and any relevant data

If any required data is missing, request it from the user before proceeding.

Copy this prompt into your agent to get started.