TalentPerformer

Vulnerability Scanner Agent

A specialized AI agent designed to scan and analyze software applications for security vulnerabilities using advanced security scanning tools and techniques. This agent excels at identifying security risks, analyzing vulnerability data, and providing actionable security insights to protect applications and systems.

Key Capabilities:
- Scans applications using Snyk for dependency and code vulnerabilities
- Analyzes vulnerability data and provides risk assessment
- Identifies security issues across different vulnerability categories
- Prioritizes vulnerabilities based on severity and impact
- Integrates with security tools for comprehensive vulnerability management
- Provides detailed vulnerability reports and remediation guidance
- Maintains security scanning coverage across all application components


Instructions

You are an expert security vulnerability specialist with deep knowledge of
application security, vulnerability assessment, and security risk management.
Your role is to identify, analyze, and prioritize security vulnerabilities
to ensure applications are protected against security threats.

When scanning for vulnerabilities:

1. **Vulnerability Scanning**:
   - Use sec_comprehensive_scan_tool to analyze security scan results from various tools
   - Analyze vulnerability data from multiple sources and tools
   - Ensure comprehensive coverage of all application components
   - Maintain regular scanning schedules and coverage monitoring

2. **Vulnerability Analysis**:
   - Use sec_normalize_veracode_tool and sec_normalize_checkmarx_tool for comprehensive security analysis
   - Analyze vulnerability severity, impact, and exploitability
   - Identify vulnerability patterns and trends across applications
   - Provide detailed vulnerability assessment and risk analysis

3. **Risk Assessment and Prioritization**:
   - Prioritize vulnerabilities based on severity and business impact
   - Assess vulnerability exploitability and attack vectors
   - Identify critical and high-risk vulnerabilities requiring immediate attention
   - Provide risk-based vulnerability management recommendations

4. **Security Reporting and Communication**:
   - Generate comprehensive vulnerability reports and summaries
   - Communicate security findings to development and security teams
   - Provide actionable remediation guidance and recommendations
   - Track vulnerability resolution progress and status

5. **Security Tool Integration**:
   - Coordinate with other security tools and scanning platforms
   - Ensure consistent vulnerability data across different security tools
   - Maintain security scanning tool configurations and policies
   - Coordinate vulnerability management workflows and processes

**Vulnerability Scanning Guidelines**:
- Always prioritize security and risk assessment accuracy
- Ensure comprehensive vulnerability coverage across all components
- Provide clear, actionable vulnerability remediation guidance
- Maintain security scanning consistency and reliability
- Coordinate vulnerability management with security and development teams

**Response Format**:
- Start with vulnerability scan summary and key findings
- Highlight critical and high-risk vulnerabilities
- Provide detailed vulnerability analysis and risk assessment
- Include remediation recommendations and priorities
- End with next steps and security improvement priorities

Remember: Your goal is to identify and analyze security vulnerabilities
comprehensively, providing clear risk assessment and actionable remediation
guidance to protect applications and systems from security threats.


Tools (4)

sec_comprehensive_scan_tool

Comprehensive security scan analysis tool that can handle multiple scan formats. Returns: {"findings":[{"type","severity","file","line","desc","tool"}], "by_severity":{...}}

```python
import json
import re
from collections import Counter
from typing import Any, Dict, List, Optional


def _extract_json(text: str) -> Optional[Dict[str, Any]]:
    """Shared helper used by all three tools. The page does not show it; this is an
    assumed reconstruction: parse the whole text as JSON, else the first {...} object
    embedded in it (scanner output is often wrapped in log lines). None on failure."""
    candidates = [text or ""]
    m = re.search(r"\{.*\}", text or "", re.S)
    if m:
        candidates.append(m.group(0))
    for cand in candidates:
        try:
            obj = json.loads(cand)
            if isinstance(obj, dict):
                return obj
        except ValueError:
            continue
    return None


def _count_by(items: List[Dict[str, Any]], key: str) -> Dict[str, int]:
    """Shared helper (assumed reconstruction): number of findings per value of `key`."""
    return dict(Counter(str(i.get(key)) for i in items))


def sec_comprehensive_scan_tool(scan_data: str) -> Dict[str, Any]:
    """
    Comprehensive security scan analysis tool that can handle multiple scan formats.
    Returns: {"findings":[{"type","severity","file","line","desc","tool"}], "by_severity":{...}}
    """
    try:
        data = _extract_json(scan_data) or {}
        findings = []

        if "vulnerabilities" in data:
            # Generic "vulnerabilities" list: keep the reporting tool if the entry names one.
            for v in data.get("vulnerabilities", []):
                findings.append({
                    "type": v.get("type", "vulnerability"),
                    "severity": (v.get("severity") or "LOW").upper(),
                    "file": v.get("file") or v.get("path") or "",
                    "line": v.get("line") or v.get("lineNumber"),
                    "desc": v.get("description") or v.get("title") or "",
                    "tool": v.get("tool") or "unknown",
                })
        elif "results" in data:
            # "results" list (Checkmarx-style field names); the tool is not identified.
            for r in data.get("results", []):
                findings.append({
                    "type": "security_issue",
                    "severity": (r.get("severity") or "LOW").upper(),
                    "file": r.get("fileName") or r.get("path") or "",
                    "line": r.get("line") or r.get("lineNumber"),
                    "desc": r.get("description") or r.get("resultDescription") or "",
                    "tool": "security_scanner",
                })

        return {"findings": findings, "by_severity": _count_by(findings, "severity")}
    except Exception as e:
        # Never raise into the agent loop; report the failure in the result instead.
        return {"findings": [], "by_severity": {}, "error": str(e)}
```

sec_normalize_veracode_tool

Normalizes a Veracode report (XML or JSON) into generic findings. Returns: {"findings":[{"cwe","severity","file","line","desc"}], "by_severity":{...}}

```python
from typing import Any, Dict
import xml.etree.ElementTree as ET
# Python's own documentation recommends defusedxml for XML from untrusted sources;
# a scanner export fed to an agent should be treated as such.

# Uses the shared helpers _extract_json and _count_by defined above with
# sec_comprehensive_scan_tool.


def sec_normalize_veracode_tool(xml_or_json_text: str) -> Dict[str, Any]:
    """
    Normalizes a Veracode report (XML or JSON) into generic findings.
    Returns: {"findings":[{"cwe","severity","file","line","desc"}], "by_severity":{...}}
    """
    data = _extract_json(xml_or_json_text)
    findings = []
    if data:
        # JSON form: fields are already generic; only the severity label is normalized.
        for f in data.get("findings", []):
            findings.append({
                "cwe": f.get("cwe"),
                "severity": (f.get("severity") or "LOW").upper(),
                "file": f.get("file"),
                "line": f.get("line"),
                "desc": f.get("desc"),
            })
        return {"findings": findings, "by_severity": _count_by(findings, "severity")}
    try:
        # XML form: one <flaw> element per finding, with the data in attributes.
        root = ET.fromstring(xml_or_json_text)
        for flaw in root.findall(".//flaw"):
            findings.append({
                "cwe": flaw.attrib.get("cweid"),
                "severity": str(flaw.attrib.get("severity") or "0"),
                "file": flaw.attrib.get("sourcefilepath") or flaw.attrib.get("module") or "",
                "line": flaw.attrib.get("line"),
                "desc": flaw.attrib.get("description") or "",
            })
        # XML severities are numeric; map them onto the shared HIGH/MEDIUM/LOW labels.
        for f in findings:
            try:
                sev = int(f["severity"])
                f["severity"] = "HIGH" if sev >= 4 else "MEDIUM" if sev == 3 else "LOW"
            except Exception:
                f["severity"] = str(f["severity"]).upper()
    except Exception:
        # Unparseable input yields an empty result rather than an exception.
        pass
    return {"findings": findings, "by_severity": _count_by(findings, "severity")}
```

sec_normalize_checkmarx_tool

Normalizes a Checkmarx JSON report. Returns: {"findings":[{"query","severity","file","line","desc"}], "by_severity":{...}}

```python
from typing import Any, Dict

# Uses the shared helpers _extract_json and _count_by defined above with
# sec_comprehensive_scan_tool.


def sec_normalize_checkmarx_tool(json_text: str) -> Dict[str, Any]:
    """
    Normalizes a Checkmarx JSON report.
    Returns: {"findings":[{"query","severity","file","line","desc"}], "by_severity":{...}}
    """
    data = _extract_json(json_text) or {}
    findings = []
    for r in data.get("results", []):
        findings.append({
            # Checkmarx identifies the rule that fired by query name (or numeric ID).
            "query": r.get("queryName") or r.get("queryID"),
            "severity": (r.get("severity") or "LOW").upper(),
            "file": r.get("fileName") or r.get("path"),
            "line": r.get("line"),
            "desc": r.get("description") or r.get("resultDescription") or "",
        })
    return {"findings": findings, "by_severity": _count_by(findings, "severity")}
```
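The prioritization step (section 3 of the instructions) applied to the shared `{"findings": [...], "by_severity": {...}}` schema the three tools return, as an added example that is not part of the page's or TalentPerformer's code: it merges several normalizer outputs, collapses findings that point at the same file and line, keeps the highest severity, and ranks the result for the report. `SEVERITY_RANK`, the function names and the sample findings are constructed assumptions.

```python
from typing import Any, Dict, List, Tuple

# Severity order for the report; the instructions single out critical and high
# findings as needing immediate attention. Constructed for this example.
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def merge_tool_outputs(outputs: Dict[str, Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Merge the {"findings": [...], "by_severity": {...}} results of several
    normalizers, keyed by tool name. Findings at the same file and line collapse
    into one entry: the highest severity wins and every tool that reported the
    location is recorded, so the report can show which findings corroborate."""
    merged: Dict[Tuple[str, str], Dict[str, Any]] = {}
    for tool, out in outputs.items():
        for f in out.get("findings", []):
            key = (str(f.get("file") or ""), str(f.get("line") or ""))
            sev = str(f.get("severity") or "LOW").upper()
            entry = merged.setdefault(key, {**f, "severity": sev, "tools": []})
            if SEVERITY_RANK.get(sev, 99) < SEVERITY_RANK.get(entry["severity"], 99):
                entry["severity"], entry["desc"] = sev, f.get("desc") or entry.get("desc")
            if tool not in entry["tools"]:
                entry["tools"].append(tool)
    return list(merged.values())


def prioritize(findings: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Order findings: severity first, then how many tools agree, then location."""
    return sorted(findings, key=lambda f: (SEVERITY_RANK.get(f["severity"], 99),
                                           -len(f["tools"]), str(f["file"]), str(f["line"])))


def needs_immediate_attention(findings: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """The subset the response format says to highlight first."""
    return [f for f in findings if f["severity"] in ("CRITICAL", "HIGH")]


# Constructed sample inputs, shaped like the veracode and checkmarx tool outputs.
SAMPLE = {
    "veracode": {"findings": [
        {"cwe": "89", "severity": "HIGH", "file": "app/db.py", "line": 42, "desc": "SQL injection"},
        {"cwe": "79", "severity": "LOW", "file": "app/views.py", "line": 10, "desc": "Reflected XSS"},
    ]},
    "checkmarx": {"findings": [
        {"query": "SQL_Injection", "severity": "MEDIUM", "file": "app/db.py", "line": 42, "desc": "SQLi"},
        {"query": "Hardcoded_Password", "severity": "CRITICAL", "file": "app/cfg.py", "line": 3, "desc": "Hardcoded secret"},
    ]},
}

if __name__ == "__main__":
    for f in prioritize(merge_tool_outputs(SAMPLE)):
        print(f["severity"], f["file"], f["line"], ",".join(f["tools"]), f["desc"])
```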

reasoning_tools

ReasoningTools from agno framework


Example Query

Scan our application for security vulnerabilities and provide a prioritized list of issues to address.
