
Audit dependencies for security vulnerabilities

This enables admin-ops professionals to secure their project's dependencies efficiently.

Prompt

# Inspired by: aipromptlibrary

You are a DevOps security specialist tasked with performing a comprehensive security and maintenance audit on the provided dependency manifest, contained within the {package_file} variable. Your primary objective is to identify and catalogue security risks, maintenance liabilities, and licensing concerns across all listed packages.

For each identified dependency, you must cross-reference known Common Vulnerabilities and Exposures (CVEs). Prioritise findings strictly based on severity: Critical (e.g., Remote Code Execution, severe data exposure), High (e.g., significant Cross-Site Scripting, privilege escalation), Medium (e.g., Denial of Service vectors), and Low (e.g., minor information disclosure). Packages that have not received an update in over two calendar years should be flagged as 'Unmaintained' regardless of current CVE status, as they present a future risk.

Furthermore, review the declared licenses for potential conflicts with standard commercial use policies; flag any GPL or AGPL licenses if the project context suggests proprietary software development. For every package requiring attention (whether due to a CVE, outdated status, or maintenance concerns), provide the precise command necessary for remediation, such as `npm update <package-name>@latest`, `pip install --upgrade <package-name>`, or the equivalent for the detected ecosystem (e.g., Maven, NuGet).

Ensure all output adheres to UK English conventions throughout. The analysis must conclude with a structured risk matrix table summarising the overall security posture.

Return format:
1. A prioritised, bulleted list of all findings, prefixed with the appropriate severity emoji (e.g., :fire: for Critical, :warning: for High).
2. Detailed CVE information, including the specific CVE ID, a brief description of the vulnerability type, and the source URL for the advisory.
3. A table detailing the required remediation command for each affected package.
4. A final 'Risk Assessment Matrix' table summarising the count of Critical, High, Medium, and Low findings, alongside a summary recommendation for secure dependency management practices going forward.
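The audit the prompt describes can be run deterministically rather than left to the model. The following is an added example, not part of the prompt library: it parses a pinned `requirements.txt`, matches each package against advisory records, flags anything not released in over two calendar years as 'Unmaintained', flags GPL/AGPL licences when the project is proprietary, attaches the ecosystem's upgrade command, and renders the four sections in the return format. The manifest, package names, advisory IDs (`CVE-XXXX-…`) and URLs are all constructed; a real audit would fetch metadata from the package index and an advisory database. The severities given to the non-CVE flags are this example's choice, as the prompt assigns none.

```python
"""Dependency audit in the shape the prompt asks for: severity-ranked findings,
'Unmaintained' flags, copyleft licence review, remediation commands, risk matrix.
Added example; all package metadata and advisories below are constructed."""
from dataclasses import dataclass
from datetime import date

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
SEVERITY_EMOJI = {"Critical": ":fire:", "High": ":warning:",
                  "Medium": ":large_orange_diamond:", "Low": ":information_source:"}
COPYLEFT = {"GPL-2.0", "GPL-3.0", "AGPL-3.0"}
# Remediation command per ecosystem, as given in the prompt.
REMEDIATION = {"pypi": "pip install --upgrade {name}", "npm": "npm update {name}@latest"}
TODAY = date(2025, 6, 1)  # fixed audit date so the example is reproducible

# Constructed manifest (pinned requirements.txt) and constructed registry metadata.
MANIFEST = """\
# constructed requirements.txt
acme-webkit==1.4.2
legacy-parser==0.9.1
gpl-reporting-lib==2.0.0
tidy-utils==3.1.0
"""
METADATA = {
    "acme-webkit": {"last_release": date(2025, 1, 10), "licence": "Apache-2.0", "advisories": [
        {"id": "CVE-XXXX-0001 (constructed)", "affected": "<1.5.0", "severity": "Critical",
         "type": "Remote code execution", "url": "https://example.invalid/advisories/0001"}]},
    "legacy-parser": {"last_release": date(2021, 3, 1), "licence": "MIT", "advisories": [
        {"id": "CVE-XXXX-0002 (constructed)", "affected": "<1.0.0", "severity": "Medium",
         "type": "Denial of service", "url": "https://example.invalid/advisories/0002"}]},
    "gpl-reporting-lib": {"last_release": date(2024, 11, 2), "licence": "AGPL-3.0", "advisories": []},
    "tidy-utils": {"last_release": date(2025, 3, 15), "licence": "MIT", "advisories": [
        {"id": "CVE-XXXX-0003 (constructed)", "affected": "<3.0.0", "severity": "High",
         "type": "Cross-site scripting", "url": "https://example.invalid/advisories/0003"}]},
}

@dataclass
class Finding:
    package: str
    version: str
    severity: str
    kind: str          # "CVE", "Unmaintained" or "Licence"
    detail: str
    url: str
    remediation: str

def parse_requirements(text):
    """Yield (name, version) for each pinned 'name==version' line; skip comments and blanks."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" in line:
            name, version = line.split("==", 1)
            yield name.strip().lower(), version.strip()

def version_tuple(v):
    return tuple(int(p) for p in v.split("."))

def is_affected(version, spec):
    """Only the '<upper-bound' range form used by the constructed advisories is supported."""
    assert spec.startswith("<"), "unsupported range"
    return version_tuple(version) < version_tuple(spec[1:])

def audit(manifest, metadata, today=TODAY, ecosystem="pypi", proprietary=True):
    findings = []
    try:   # 'not updated in over two calendar years'; guard the 29 February case
        cutoff = today.replace(year=today.year - 2)
    except ValueError:
        cutoff = today.replace(year=today.year - 2, day=28)
    for name, version in parse_requirements(manifest):
        meta = metadata[name]
        fix = REMEDIATION[ecosystem].format(name=name)
        for adv in meta["advisories"]:
            if is_affected(version, adv["affected"]):
                findings.append(Finding(name, version, adv["severity"], "CVE",
                                        f"{adv['id']}: {adv['type']}", adv["url"], fix))
        if meta["last_release"] < cutoff:   # flagged regardless of CVE status
            findings.append(Finding(name, version, "Medium", "Unmaintained",
                                    f"last release {meta['last_release']}", "", fix))
        if proprietary and meta["licence"] in COPYLEFT:
            findings.append(Finding(name, version, "Low", "Licence",
                                    f"{meta['licence']} conflicts with proprietary use", "",
                                    "review licence terms or replace the package"))
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.package, f.kind))

def risk_matrix(findings):
    return {sev: sum(f.severity == sev for f in findings) for sev in SEVERITY_RANK}

def render_report(findings):
    lines = ["## Findings"]
    lines += [f"- {SEVERITY_EMOJI[f.severity]} {f.severity}: {f.package} {f.version} ({f.kind}) {f.detail}"
              for f in findings]
    lines += ["", "## CVE details"] + [f"- {f.detail} | {f.url}" for f in findings if f.kind == "CVE"]
    lines += ["", "## Remediation", "| Package | Command |", "|---|---|"]
    lines += [f"| {f.package} | `{f.remediation}` |" for f in findings]
    m = risk_matrix(findings)
    lines += ["", "## Risk Assessment Matrix", "| Critical | High | Medium | Low |", "|---|---|---|---|",
              f"| {m['Critical']} | {m['High']} | {m['Medium']} | {m['Low']} |",
              "Recommendation: pin versions, run this audit in CI, and re-check advisories on every release."]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_report(audit(MANIFEST, METADATA)))
```

Run as-is it prints the four sections for the constructed manifest: one Critical CVE, one Medium CVE on a package that is also flagged Unmaintained, one licence conflict, and no finding for `tidy-utils`, whose pinned version sits above the advisory's upper bound. Swap `MANIFEST` and `METADATA` for real inputs and the same logic applies.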

Tags

dependency-audit, cve-check, outdated-packages, license-review, upgrade-commands
