d48cda4081
CI / Test (ubuntu-latest, Node 18.x, bun) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 18.x, npm) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 18.x, pnpm) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 18.x, yarn) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 20.x, bun) (push) Failing after 17m13s
CI / Test (ubuntu-latest, Node 20.x, npm) (push) Failing after 18m42s
CI / Test (ubuntu-latest, Node 20.x, pnpm) (push) Failing after 15m0s
CI / Test (ubuntu-latest, Node 20.x, yarn) (push) Failing after 49m44s
CI / Test (ubuntu-latest, Node 22.x, bun) (push) Failing after 51m55s
CI / Test (ubuntu-latest, Node 22.x, pnpm) (push) Failing after 21m57s
CI / Test (ubuntu-latest, Node 22.x, npm) (push) Failing after 37m39s
CI / Test (ubuntu-latest, Node 22.x, yarn) (push) Failing after 34m7s
CI / Validate Components (push) Failing after 37m15s
CI / Python Tests (push) Failing after 10m1s
CI / Security Scan (push) Failing after 10m1s
CI / Lint (push) Failing after 17m12s
CI / Coverage (push) Failing after 20m19s
CI / Test (macos-latest, Node 18.x, bun) (push) Has been cancelled
CI / Test (macos-latest, Node 18.x, npm) (push) Has been cancelled
CI / Test (macos-latest, Node 18.x, pnpm) (push) Has been cancelled
CI / Test (macos-latest, Node 18.x, yarn) (push) Has been cancelled
CI / Test (windows-latest, Node 18.x, npm) (push) Has been cancelled
CI / Test (windows-latest, Node 18.x, pnpm) (push) Has been cancelled
CI / Test (windows-latest, Node 18.x, yarn) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, bun) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, npm) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, pnpm) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, yarn) (push) Has been cancelled
CI / Test (windows-latest, Node 20.x, npm) (push) Has been cancelled
CI / Test (windows-latest, Node 20.x, pnpm) (push) Has been cancelled
CI / Test (windows-latest, Node 20.x, yarn) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, bun) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, npm) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, pnpm) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, yarn) (push) Has been cancelled
CI / Test (windows-latest, Node 22.x, npm) (push) Has been cancelled
CI / Test (windows-latest, Node 22.x, pnpm) (push) Has been cancelled
CI / Test (windows-latest, Node 22.x, yarn) (push) Has been cancelled
2.1 KiB
2.1 KiB
description, agent, subtask
| description | agent | subtask |
|---|---|---|
| Run comprehensive security review | everything-claude-code:security-reviewer | true |
Security Review Command
Conduct a comprehensive security review: $ARGUMENTS
Your Task
Analyze the specified code for security vulnerabilities following OWASP guidelines and security best practices.
Security Checklist
OWASP Top 10
-
Injection (SQL, NoSQL, OS command, LDAP)
- Check for parameterized queries
- Verify input sanitization
- Review dynamic query construction
-
Broken Authentication
- Password storage (bcrypt, argon2)
- Session management
- Multi-factor authentication
- Password reset flows
-
Sensitive Data Exposure
- Encryption at rest and in transit
- Proper key management
- PII handling
-
XML External Entities (XXE)
- Disable DTD processing
- Input validation for XML
-
Broken Access Control
- Authorization checks on every endpoint
- Role-based access control
- Resource ownership validation
-
Security Misconfiguration
- Default credentials removed
- Error handling doesn't leak info
- Security headers configured
-
Cross-Site Scripting (XSS)
- Output encoding
- Content Security Policy
- Input sanitization
-
Insecure Deserialization
- Validate serialized data
- Implement integrity checks
-
Using Components with Known Vulnerabilities
- Run
npm audit - Check for outdated dependencies
- Run
-
Insufficient Logging & Monitoring
- Security events logged
- No sensitive data in logs
- Alerting configured
Additional Checks
- Secrets in code (API keys, passwords)
- Environment variable handling
- CORS configuration
- Rate limiting
- CSRF protection
- Secure cookie flags
Report Format
Critical Issues
[Issues that must be fixed immediately]
High Priority
[Issues that should be fixed before release]
Recommendations
[Security improvements to consider]
IMPORTANT: Security issues are blockers. Do not proceed until critical issues are resolved.