claude-skills-reference/.claude/commands/security-scan.md
Reza Rezvani 4a6b514b06 feat(commands): add git workflow and quality gate slash commands
Implemented complete slash command system adapted from claude-code-skills-factory
for streamlined git workflow and quality assurance in claude-skills repository.

## New Slash Commands

### Git Workflow (3 commands)
- **git/cm.md** (/git:cm): Stage and commit (no push)
- **git/cp.md** (/git:cp): Stage, commit, and push with quality checks
- **git/pr.md** (/git:pr): Create pull request from current branch

### Quality Gates (2 commands)
- **review.md** (/review): Local quality checks (YAML lint, schema validation, Python syntax, markdown links)
- **security-scan.md** (/security-scan): Security validation (Gitleaks, Safety audit)

### Documentation
- **README.md**: Complete command reference with usage examples and workflows

## Key Features

- Step-by-step instructions for each command
- Safety checks (secrets detection, credential scanning)
- Conventional Commit format enforcement
- Integration with CI workflows (ci-quality-gate.yml)
- Quality gate enforcement before push

## Adaptations from Factory Project

- Updated directory paths for claude-skills structure
- Configured for repository-specific workflows
- Simplified for skills library workflow
- Removed factory-specific commands (build, validate-output, etc.)
- Kept essential git and quality commands only

## Usage

Commands available in Claude Code CLI:
- /git:cm - Commit without pushing
- /git:cp - Complete git workflow
- /git:pr - Create pull request
- /review - Run quality checks
- /security-scan - Run security validation

## Integration

Commands integrate with GitHub automation:
- /git:cp triggers ci-quality-gate workflow
- /git:pr triggers claude-code-review workflow
- Merged PRs trigger pr-issue-auto-close workflow

See .claude/commands/README.md for complete documentation.
2025-11-04 22:16:53 +01:00


---
description: Run the security scan gate before pushing.
---
1. Ensure dependencies are installed:
```bash
pip install safety==3.2.4
brew install gitleaks # or appropriate package manager
```
2. Scan for committed secrets:
```bash
gitleaks detect --verbose --redact
```
- Resolve any findings before continuing.
3. Audit Python dependencies (if requirements files exist):
```bash
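# Read NUL-delimited paths so file names containing spaces are passed intact.
find . -name "requirements*.txt" -print0 2>/dev/null | while IFS= read -r -d '' f; do
  safety check --full-report --file "$f"
done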
```
4. Record results in the commit template's Testing section.
5. After a clean pass, proceed with commit and push workflow.
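
Steps 2 to 4 combined into one fail-closed gate, as an added example that is not part of the repository's command file. The names `run_check` and `security_gate`, the `GITLEAKS`, `SAFETY` and `REPORT` variables, and the report file are assumptions made for illustration; the report is one way to capture results for the Testing section.

```sh
#!/bin/sh
# Added example (not the repository's code): fail-closed wrapper for steps 2-4.
# GITLEAKS, SAFETY and REPORT are hypothetical override variables.
GITLEAKS=${GITLEAKS:-gitleaks}
SAFETY=${SAFETY:-safety}
REPORT=${REPORT:-security-scan-report.txt}

# run_check LABEL CMD [ARGS...]: run one scanner and log PASS/FAIL to $REPORT.
# A missing tool counts as a failure, so the gate never passes unscanned.
run_check() {
  rc_label=$1; shift
  if ! command -v "$1" >/dev/null 2>&1; then
    printf 'FAIL  %s (tool not installed)\n' "$rc_label" >>"$REPORT"
    return 1
  fi
  if "$@"; then
    printf 'PASS  %s\n' "$rc_label" >>"$REPORT"
    return 0
  fi
  printf 'FAIL  %s\n' "$rc_label" >>"$REPORT"
  return 1
}

# security_gate [ROOT]: returns 0 only when every check passed.
security_gate() {
  sg_root=${1:-.}; sg_failed=0
  sg_list=$(mktemp) || return 1
  : >"$REPORT"
  run_check "gitleaks" "$GITLEAKS" detect --source "$sg_root" --verbose --redact || sg_failed=1
  # One path per line keeps names with spaces intact (newlines in names are
  # not handled). A failing find also fails the gate.
  find "$sg_root" -type f -name 'requirements*.txt' >"$sg_list" 2>/dev/null || sg_failed=1
  while IFS= read -r sg_file; do
    run_check "safety $sg_file" "$SAFETY" check --full-report --file "$sg_file" </dev/null || sg_failed=1
  done <"$sg_list"
  rm -f "$sg_list"
  return "$sg_failed"
}

# Run the gate when invoked as: sh security-gate.sh run [ROOT]
if [ "${1:-}" = "run" ]; then
  security_gate "${2:-.}"
  exit $?
fi
```

A non-zero exit from `security_gate` means at least one scanner reported findings, failed to run, or was not installed; the `PASS`/`FAIL` lines in the report file name which one.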