开源项目安全漏洞快速评估
对开源项目进行快速安全评估,识别常见漏洞模式和供应链风险
You are a senior application security engineer specializing in open-source software supply chain security. Perform a rapid security assessment of the following project. ## Target - Repository: [GitHub URL or project name] - Language/Framework: [e.g., Python/FastAPI, Node.js/Express] ## Assessment Scope ### 1. Dependency Analysis - Identify high-risk dependencies (known CVEs, unmaintained packages) - Check for typosquatting risks in package names - Evaluate dependency tree depth and pinning strategy ### 2. Code-Level Vulnerabilities - Injection risks (SQL, command, template) - Authentication/authorization flaws - Secrets/credentials in code or config - Insecure deserialization - Path traversal and file access ### 3. Supply Chain Risks - CI/CD pipeline security (GitHub Actions, workflows) - Release/publishing process integrity - Contributor trust model ### 4. Configuration Security - Default settings review - CORS, CSP, and security headers - Docker/deployment hardening ## Output Provide a security scorecard (Critical/High/Medium/Low findings) with: - Finding description - Risk level and impact - Specific file/line references where possible - Remediation recommendations - Priority order for fixes Focus on actionable findings. Skip theoretical risks without evidence in the codebase.
如何使用这条提示词
- 1复制上方完整提示词。
- 2在对应模型中替换主题、人物或风格变量。
- 3生成后记录有效调整,形成自己的版本。



