Because every vulnerability has a story. We tell it before it's too late.
SKALD is an open-source, multi-ecosystem vulnerability analyzer that scans your projects for:
- 🔍 Known vulnerabilities in direct and transitive dependencies (CVE/GHSA/OSV)
- 🔐 Hardcoded secrets (API keys, passwords, tokens)
- 📝 Insecure code patterns (SQL Injection, XSS, Command Injection)
- 📜 License incompatibilities (GPL in commercial projects, etc.)
- 🐳 Container misconfigurations (Dockerfiles, Kubernetes, Terraform)
| Ecosystem | Status |
|---|---|
| Node.js | 🚧 In Progress |
| Python | 🚧 In Progress |
| Java | 📋 Planned |
| Go | 📋 Planned |
| Ruby | 📋 Planned |
| .NET | 📋 Planned |
| Rust | 📋 Planned |
| PHP | 📋 Planned |
# Install SKALD
go install github.com/Khr0x/skald/cmd/skald@latest
# Scan a project
skald scan ./my-project
# Update vulnerability database
skald db update
# Scan offline
skald scan ./my-project --offline
Unlike traditional scanners that only show CVSS, SKALD calculates a contextual Priority Score (0-100):
| Factor | Weight |
|---|---|
| CVSS v3 Score | 25% |
| EPSS Score | 20% |
| Reachability | 20% |
| Public Exploit | 15% |
| Fix Available | 10% |
| Exposure | 10% |
Define security policies in .skald.yaml:
version: 1
policies:
fail_on:
severity: [CRITICAL, HIGH]
cvss_min: 7.0
licenses:
deny: [GPL-3.0, AGPL-3.0]
See SKALD_SKILL.md for the complete technical reference.
See CONTRIBUTING.md for guidelines.
Apache-2.0 — See LICENSE for details.
SKALD — Security Kernel for Automated Leak Detection ⚔️