Adds baseline CI security scanning with secrets detection, dependency checks, and SAST in a way that won't grind your pipeline to a halt on day one. The progressive disclosure starts with high-signal checks and lets you ratchet up coverage over time instead of drowning in noise. The smart bit is the exception handling: every bypass needs an owner, an expiry date, and a justification, so your technical debt stays visible. Built for teams that want real security gates without turning every PR into a negotiation. Includes a tooling matrix and triage workflows so you're not reinventing the wheel when Dependabot flags your third transitive vulnerability this week.
npx skills add https://github.com/bobmatnyc/claude-mpm-skills --skill security-scanning