> trivy
Scan containers, filesystems, and repos for vulnerabilities with Trivy. Use when a user asks to scan Docker images for CVEs, audit filesystem for secrets, check IaC for misconfigurations, or add security scanning to CI.
curl "https://skillshub.wtf/TerminalSkills/skills/trivy?format=md"
Trivy
Overview
Trivy is an open-source vulnerability scanner by Aqua Security. It scans container images, filesystems, git repos, and IaC for vulnerabilities, misconfigurations, and exposed secrets.
Instructions
Step 1: Install
brew install trivy
Step 2: Container Scanning
trivy image node:20-alpine
trivy image --severity CRITICAL,HIGH my-app:latest
trivy image --format json --output results.json my-app:latest
Step 3: Filesystem and Secret Scan
trivy fs .
trivy fs --scanners vuln,secret,misconfig .
Step 4: IaC Scanning
trivy config ./terraform/
trivy config ./k8s/
Guidelines
- Free and open-source — no account needed.
- Local vulnerability DB, updated automatically — scans are fast.
- Supports SBOM generation (CycloneDX, SPDX) for compliance.
- Use in CI to block deployments with critical CVEs.
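A CI gate over the results.json written in Step 2, as an added example that is not part of the original skill or the Trivy project: it fails the build only for CRITICAL findings that have a fix available and are not on an allowlist. Trivy's own --exit-code flag covers the simple case; the function names, policy parameters and the sample report (with placeholder CVE IDs) are constructed assumptions.

```python
import json
import sys

# Constructed sample in the shape of `trivy image --format json` output.
# Not a real scan; the CVE IDs and package names are placeholders.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "my-app:latest",
    "Results": [
        {"Target": "my-app:latest (alpine)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1",
             "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
             "InstalledVersion": "2.3.0", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample",
             "InstalledVersion": "1.0.0", "FixedVersion": "1.0.2",
             "Severity": "MEDIUM"},
        ]},
        # A target without findings may carry no "Vulnerabilities" key.
        {"Target": "app/package-lock.json"},
    ],
})

def blocking_findings(report_json, block=("CRITICAL",), require_fix=True, allow=()):
    """Return (target, id, package, fixed_version) for findings that fail the build."""
    report = json.loads(report_json)
    hits = []
    for result in report.get("Results") or []:           # tolerate null/missing
        for v in result.get("Vulnerabilities") or []:    # tolerate null/missing
            if v.get("Severity") not in block:
                continue
            if v.get("VulnerabilityID") in allow:        # reviewed and accepted
                continue
            if require_fix and not v.get("FixedVersion"):
                continue                                 # nothing to upgrade to yet
            hits.append((result.get("Target"), v.get("VulnerabilityID"),
                         v.get("PkgName"), v.get("FixedVersion", "")))
    return hits

def gate(report_json, **policy):
    """Print each blocking finding and return a process exit code (0 = pass)."""
    hits = blocking_findings(report_json, **policy)
    for target, vid, pkg, fixed in hits:
        print(f"BLOCK {vid} {pkg} in {target} (fix: {fixed or 'none'})")
    return 1 if hits else 0

if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(data))
```

Run it in the pipeline with results.json as the only argument; a non-zero exit stops the deployment.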