qa-sca

Software composition analysis gate using Syft (SBOM generation) and Grype (CVE scanning) plus license compliance checking. Generates a CycloneDX SBOM, scans for CVEs in all direct and transitive dependencies, flags denied license types (GPL, AGPL), and diffs against the previous SBOM to surface only new findings per run. Env vars: SCA_FAIL_ON_CRITICAL, SCA_LICENSE_DENY_LIST. (qa-agentic-team)

Safety Notice

This listing is imported from SkillsMP metadata and should be treated as untrusted until upstream source review is completed.

Install skill "qa-sca" with this command: npx skills add vslvslv/skillsmp-vslvslv-vslvslv-qa-sca

No markdown body

This source entry does not include full markdown content beyond metadata.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Related Skills

Related by shared tags or category signals.

Security

qa-a11y

Automated accessibility audit skill. Three-phase pipeline: (1) axe-core rule-based scan via @axe-core/playwright (covers ~35% WCAG 2.1 AA issues), (2) Claude semantic layer grouping violations by WCAG POUR principle with user impact and code-level fix suggestions, (3) AI-generated alt text for images lacking descriptions. Produces a structured report with WCAG SC references, severity, and fix confidence. Use when asked to "qa accessibility", "a11y audit", "WCAG check", "axe scan", or included automatically by /qa-team for web apps. (qa-agentic-team)

Repository Source | Needs Review
Coding

qa-ci-trace

CI build intelligence from OTel traces. Analyzes build trace data emitted by Honeycomb buildevents or an OTLP backend to identify the slowest test stages, flappy infrastructure steps, parallelism opportunities, and recurring failure patterns across recent runs. Produces an actionable CI optimization report. Env vars: BUILDEVENTS_APIKEY, CI_TRACE_LOOKBACK, HONEYCOMB_DATASET. (qa-agentic-team)

Repository Source | Needs Review
Automation

qa-cost

AI API cost tracking and budget gate. Reads token usage metadata from CTRF output files produced by qa-* skills, computes estimated cost per skill using current Claude model pricing, and can block CI if the total run cost exceeds a configured budget. Provides financial observability alongside functional QA observability. Env vars: QA_COST_BUDGET, QA_COST_MODEL. (qa-agentic-team)

Repository Source | Needs Review
Automation

qa-coverage-gate

Test coverage delta gate. Runs the project's coverage tooling, computes per-file coverage change between the current branch and the base branch, and blocks CI if changed files drop below a configurable threshold. For files below threshold, generates LLM-suggested test stubs targeting the specific uncovered lines. Env vars: COVERAGE_THRESHOLD, COVERAGE_COMPARE_BRANCH, COVERAGE_GENERATE_STUBS. (qa-agentic-team)

Repository Source | Needs Review