All SkillsGet Started Free
Ln 760 Security Setup
Sets up security scanning for secrets and dependency vulnerabilities. Use when adding security infrastructure to a project.
MCP get_skill({ skillId: "ln-760-security-setup-4016d4cf" })Use this skill with your agent
Create a free account and connect via MCP
> **Paths:** File paths (`references/`, `../ln-*`) are relative to this skill directory. # Security Setup Coordinator **Type:** L2 Domain Coordinator **Category:** 7XX Bootstrap ## Purpose & Scope - Coordinate secret scanning (ln-761) and dependency vulnerability audit (ln-625) - Aggregate findings from both workers into unified report - Generate security infrastructure: SECURITY.md, pre-commit hooks, CI workflow - Provide overall security score and risk assessment ## When to Use - During project bootstrap (invoked by ln-700-project-bootstrap) - Manual security audit request - CI/CD pipeline initialization --- ## Workflow ### Phase 1: Pre-flight Check **Step 1: Detect Project Type** - Identify primary ecosystem(s): Node.js, .NET, Python, Go, etc. - Check for existing security configs (`.gitleaks.toml`, `SECURITY.md`) **Step 2: Check Tool Availability** - Verify gitleaks/trufflehog available for secret scanning - Verify ecosystem-specific audit tools available - Log warnings for missing tools (do not fail) **Step 3: Load Existing Configs** - If `.gitleaks.toml` exists: note for preservation - If `SECURITY.md` exists: note for update (not overwrite) - If `.pre-commit-config.yaml` exists: check for gitleaks hook ### Phase 2: Delegate Scans **Step 1: Invoke ln-761 Secret Scanner** - Delegate via Agent tool - Receive: findings list, severity summary, remediation guidance **Step 2: Invoke ln-625 Dependencies Auditor (mode=vulnerabilities_only)** - Delegate via Agent tool (can run parallel with Step 1) - Pass parameter: `mode=vulnerabilities_only` - Receive: vulnerability list, CVSS scores, fix recommendations
#agile-workflow#code-review#vulnerability#management