Дмитрий
078e829b38
18 карточек (все external): phase-3 (semgrep, trivy, dependabot, pg-audit, pg-anonymizer) + UI-pool (ui-ux-pro-max, 21st-magic, claude-md-management) + debug-runtime (sentry-mcp, redis-mcp) + architecture-tooling (adr-kit, mermaid, architecture-patterns, deptrac) + audit-security (trail-of-bits, security-guidance) + project-management (ccpm, product-management). zero-hash + path"" → G4 инертен. m3a 3/3 GREEN. 42/86 карточек готово. coverage: skill:executing-plans
13 lines
676 B
JSON
13 lines
676 B
JSON
{
|
|
"skill": "trivy",
|
|
"kind": "external",
|
|
"needs": ["Docker-образ для скана"],
|
|
"produces": ["отчёт о CVE в OS-пакетах и зависимостях образа"],
|
|
"constraints": ["скан Docker-образов в CI перед push в registry", "НЕ скан кода (Semgrep)"],
|
|
"preview-form": "none",
|
|
"defaults": ["trivy image перед push в Yandex Container Registry"],
|
|
"key-decisions": ["порог severity для блока"],
|
|
"acceptance-criteria": ["0 критичных CVE в образе"],
|
|
"source": { "version": "n/a", "hash": "0000000000000000000000000000000000000000000000000000000000000000", "path": "" }
|
|
}
|