Title: Add dependency-scanning skill to advanced-security plugin by MabCloud · Pull Request #33 · github/copilot-plugins · GitHub
Open Graph Title: Add dependency-scanning skill to advanced-security plugin by MabCloud · Pull Request #33 · github/copilot-plugins
X Title: Add dependency-scanning skill to advanced-security plugin by MabCloud · Pull Request #33 · github/copilot-plugins
Description: What's this? A new dependency-scanning skill for the advanced-security plugin. Think of it as the sibling of the existing secret-scanning skill, but instead of looking for leaked credentials, it looks for known CVEs and security vulnerabilities in your project's dependencies. How it works When you ask something like "are there any vulnerabilities in my dependencies?" or "check my packages for CVEs", the agent will: Auto-detect your ecosystem by looking for lock files in the project (package-lock.json, yarn.lock, pnpm-lock.yaml, Cargo.lock, Gemfile.lock, go.sum, *.csproj, etc.). Works with monorepos that have multiple ecosystems. Run the right audit tool for each ecosystem — no configuration needed. Report findings by severity (Critical → High → Moderate → Low) with CVE IDs, a short description, the advisory link, and the exact command to fix it. Optionally cross-reference Dependabot alerts from GitHub if the repo has them enabled, using gh api or the REST API. Supported ecosystems Ecosystem Tool used npm pm audit Yarn Classic (v1) yarn audit Yarn Berry (v2+) yarn npm audit pnpm pnpm audit Python pip-audit Rust cargo audit Ruby bundler-audit Go govulncheck .NET dotnet list package --vulnerable Files changed plugins/advanced-security/skills/dependency-scanning/SKILL.md — the new skill plugins/advanced-security/README.md — updated to document the new skill .github/plugin/marketplace.json — registers dependency-scanning under the advanced-security plugin entry
Open Graph Description: What's this? A new dependency-scanning skill for the advanced-security plugin. Think of it as the sibling of the existing secret-scanning skill, but instead of looking for leaked credentials, i...
X Description: What's this? A new dependency-scanning skill for the advanced-security plugin. Think of it as the sibling of the existing secret-scanning skill, but instead of looking for leaked credential...
Opengraph URL: https://github.com/github/copilot-plugins/pull/33
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:b88bc317-029b-6d5f-2e5a-5e9a971e7dd6 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | D524:1A0CEA:E28615:1361676:6A4C9B0B |
| html-safe-nonce | 56a8f9d76b686acc224733af412bb3d751c5b32e98bf3a6567b6830d22e08af9 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJENTI0OjFBMENFQTpFMjg2MTU6MTM2MTY3Njo2QTRDOUIwQiIsInZpc2l0b3JfaWQiOiI1NjMwNzMxMTUyMjI4MzkxNjkxIiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | 383543b4463a51738a6790a48d28bb2e8cabc59146978d9e29a599e68e1e2d53 |
| hovercard-subject-tag | pull_request:3538683461 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/github/copilot-plugins/pull/33/files |
| twitter:image | https://avatars.githubusercontent.com/u/276547962?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/u/276547962?s=400&v=4 |
| og:image:alt | What's this? A new dependency-scanning skill for the advanced-security plugin. Think of it as the sibling of the existing secret-scanning skill, but instead of looking for leaked credentials, i... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 3d11bb817438277de2a940854450e83a7d32b6aeb5014e9e6b00a6423900251c |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/github/copilot-plugins git https://github.com/github/copilot-plugins.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 1139297589 |
| octolytics-dimension-repository_nwo | github/copilot-plugins |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 1139297589 |
| octolytics-dimension-repository_network_root_nwo | github/copilot-plugins |
| turbo-body-classes | logged-out env-production page-responsive full-width |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 7a2dede45637df6b92ddcfe2a557e67d4b5854ae |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width