Hook that triggers when dependency files change (package.json, requirements.txt, Cargo.toml, go.mod). Scans updated dependencies against known vulnerability databases and alerts on HIGH/CRITICAL CVEs.

Decompose a spec or plan into independently shippable vertical slices. Each slice cuts through all layers (DB, backend, API, frontend). Starts with a tracer bullet, builds a dependency graph, and creates GitHub issues.

Complete Snippbot setup for security analysts. Bundles a security-focused AI persona with threat modeling, CVE lookup, an incident-response workflow, dependency vulnerability alerts, weekly compliance reporting, and an OWASP knowledge base.