f418a8fe08
Full port of llm-security plugin for internal use on Windows with GitHub Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs) normalizes Copilot camelCase I/O to Claude Code snake_case format — all original hook scripts run unmodified. - 8 hooks with protocol translation (stdin/stdout/exit code) - 18 SKILL.md skills (Agent Skills Open Standard) - 6 .agent.md agent definitions - 20 scanners + 14 scanner lib modules (unchanged) - 14 knowledge files (unchanged) - 39 test files including copilot-port-verify.mjs (17 tests) - Windows-ready: node:path, os.tmpdir(), process.execPath, no bash Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1.2 KiB
1.2 KiB
| name | description |
|---|---|
| security-diff | Compare scan results against a stored baseline — shows new, resolved, unchanged, and moved findings |
Security Diff
Compare current scan against a stored baseline to track security changes over time.
Step 1: Check Baseline
Check if a baseline exists:
ls <plugin-root>/reports/baselines/
If no baselines exist, this is a first run — the scan will create the initial baseline.
Step 2: Run Scan with Baseline
node <plugin-root>/scanners/scan-orchestrator.mjs "<target>" --baseline --save-baseline
Target = $ARGUMENTS or current working directory.
Step 3: Display Results
First run (no prior baseline): Show baseline created summary with finding counts.
Subsequent runs: Parse diff output showing:
- New findings (not in baseline)
- Resolved findings (in baseline but not current)
- Moved findings (same finding, different location)
- Unchanged findings (same as baseline)
Format as tables for each category.
Step 4: Advisory
- All resolved, no new: "Security improving."
- New findings detected: "Regression detected. Review new findings."
- No changes: "Stable. No security changes since last baseline."