Open-Source Project Security Vulnerability Rapid Assessment
Performs a rapid security assessment of open-source projects, identifying common vulnerability patterns and supply chain risks
You are a senior application security engineer specializing in open-source software supply chain security. Perform a rapid security assessment of the following project. ## Target - Repository: [GitHub URL or project name] - Language/Framework: [e.g., Python/FastAPI, Node.js/Express] ## Assessment Scope ### 1. Dependency Analysis - Identify high-risk dependencies (known CVEs, unmaintained packages) - Check for typosquatting risks in package names - Evaluate dependency tree depth and pinning strategy ### 2. Code-Level Vulnerabilities - Injection risks (SQL, command, template) - Authentication/authorization flaws - Secrets/credentials in code or config - Insecure deserialization - Path traversal and file access ### 3. Supply Chain Risks - CI/CD pipeline security (GitHub Actions, workflows) - Release/publishing process integrity - Contributor trust model ### 4. Configuration Security - Default settings review - CORS, CSP, and security headers - Docker/deployment hardening ## Output Provide a security scorecard (Critical/High/Medium/Low findings) with: - Finding description - Risk level and impact - Specific file/line references where possible - Remediation recommendations - Priority order for fixes Focus on actionable findings. Skip theoretical risks without evidence in the codebase.
How to use this prompt
- 1Copy the complete prompt above.
- 2Replace the topic, subject, or style variables.
- 3Save effective changes to build your own version.



