security-scanning-security-hardening

by Unknown v1.0.0

This skill implements a defense-in-depth security strategy across all application layers. It coordinates specialized security agents to perform comprehensive assessments, implement layered security controls, and establish continuous security monitoring. The approach follows modern DevSecOps principles with shift-left security, automated scanning, and compliance validation. Each phase builds upon previous findings to create a resilient security posture that addresses both current vulnerabilities and future threats.

The skill orchestrates a multi-phase process including vulnerability scanning, threat modeling, architecture review, remediation, controls implementation, validation, and compliance checks. It leverages various tools and techniques such as SAST/DAST, threat modeling methodologies, penetration testing, and compliance frameworks.

The goal is to establish a robust security posture, reduce risk, and ensure compliance with industry standards and regulations. The skill provides configuration options for scanning depth, compliance frameworks, remediation priority, monitoring integration, and authentication methods.

What It Does

Coordinates multi-agent orchestration to implement comprehensive security scanning and hardening, establishing defense-in-depth across application, infrastructure, and compliance controls.

When To Use

Use this skill when running a coordinated security hardening program, establishing defense-in-depth controls across app, infra, and CI/CD, or prioritizing remediation from scans and threat modeling.

Installation

Copy SKILL.md to your skills directory
