status

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

AppSec Status -- Security Dashboard

AppSec 状态 —— 安全仪表盘

Read the

.appsec/

state directory and present a concise security posture dashboard. Shows what has been scanned, what was found, what has changed since the last scan, and what to do next.

This skill runs entirely in the main agent context. It does NOT dispatch subagents. It reads state files produced by

/appsec:run

and

/appsec:full-audit

读取

.appsec/

状态目录并展示简洁的安全态势仪表盘。内容包括已扫描项、检测到的问题、自上次扫描以来的变更，以及下一步操作建议。

该Skill完全在主Agent上下文环境中运行，不会调度子Agent。它读取由

/appsec:run

和

/appsec:full-audit

生成的状态文件。

Supported Flags

支持的参数

Flag	Behavior
`--format text`	ASCII dashboard (default).
`--format json`	Structured JSON summary.
`--format md`	Markdown summary.
`--quiet`	Findings count only, no details.

参数	作用
`--format text`	ASCII格式仪表盘（默认）。
`--format json`	结构化JSON摘要。
`--format md`	Markdown格式摘要。
`--quiet`	仅显示检测结果数量，不展示详情。

State Files

状态文件

Read these files from the

.appsec/

directory:

File	Content	Required
`.appsec/findings.json`	Consolidated findings from last run	Yes
`.appsec/last-run.json`	Timestamp, scope, depth, tools used	Yes
`.appsec/start-assessment.json`	Stack detection, scanner availability	Optional
`.appsec/config.yaml`	User preferences (from `/appsec:config` )	Optional

从

.appsec/

目录读取以下文件：

文件	内容	是否必填
`.appsec/findings.json`	上次扫描的整合检测结果	是
`.appsec/last-run.json`	时间戳、扫描范围、深度、使用的工具	是
`.appsec/start-assessment.json`	栈检测结果、扫描器可用性	可选
`.appsec/config.yaml`	用户偏好设置（来自 `/appsec:config` ）	可选

Workflow

工作流程

Step 1: Check State Exists

步骤1：检查状态文件是否存在

Use Glob to check for

.appsec/findings.json

and

.appsec/last-run.json

If NO state files exist, output:

=====================================================
         APPSEC STATUS -- No Data
=====================================================

No security scan data found. Run a scan first:

  /appsec:start       Assess project and get recommendations
  /appsec:run          Run smart security scan
  /appsec:full-audit   Exhaustive audit with report

=====================================================

使用Glob工具检查

.appsec/findings.json

和

.appsec/last-run.json

是否存在。

如果不存在状态文件，输出：

=====================================================
         APPSEC STATUS -- 无数据
=====================================================

未找到安全扫描数据，请先运行扫描：

  /appsec:start       评估项目并获取建议
  /appsec:run          运行智能安全扫描
  /appsec:full-audit   执行全面审计并生成报告

=====================================================

Step 2: Load State

步骤2：加载状态文件

Read

.appsec/findings.json

and

.appsec/last-run.json

. Optionally read

.appsec/start-assessment.json

and

.appsec/config.yaml

if they exist.

读取

.appsec/findings.json

和

.appsec/last-run.json

。如果存在

.appsec/start-assessment.json

和

.appsec/config.yaml

，也可选择性读取。

Step 3: Detect Changes Since Last Scan

步骤3：检测自上次扫描以来的变更

Run

git diff --name-only

against the timestamp in

last-run.json

to determine which files have changed since the last scan. Classify changes:

Modified files with findings: existing findings may be resolved or new issues introduced.
New files: not yet scanned.
Deleted files: findings for these files are now stale.

Count the changed files and note the high-risk ones (files that had findings in the last scan).

根据

last-run.json

中的时间戳，运行

git diff --name-only

命令来确定自上次扫描以来哪些文件发生了变更。对变更进行分类：

已修改且包含检测结果的文件：既有检测结果可能已解决，也可能引入了新问题。
新文件：尚未被扫描。
已删除文件：这些文件对应的检测结果已失效。

统计变更文件的数量，并标记高风险文件（上次扫描中存在检测结果的文件）。

Step 4: Compute Summary Statistics

步骤4：计算汇总统计数据

From the findings data, compute:

Total findings by severity (critical, high, medium, low).
Findings by framework (OWASP, STRIDE, PASTA, LINDDUN, etc.).
Findings by tool (secrets, injection, access-control, etc.).
Top 5 files by finding count.
Scanner coverage (which scanners ran, which are missing).
Stale findings (in files that have been modified since the scan).

根据检测结果数据，计算以下内容：

按严重程度划分的检测结果总数（Critical、High、Medium、Low）。
按框架划分的检测结果（OWASP、STRIDE、PASTA、LINDDUN等）。
按工具划分的检测结果（secrets、injection、access-control等）。
检测结果数量最多的前5个文件。
扫描器覆盖情况（已运行的扫描器、缺失的扫描器）。
失效检测结果（扫描后被修改的文件中的检测结果）。

Step 5: Output Dashboard

步骤5：输出仪表盘

Text Format (default)

文本格式（默认）

=====================================================
            APPSEC STATUS -- Dashboard
=====================================================

LAST SCAN: <timestamp> (<relative time, e.g., "2 hours ago">)
SCOPE:     <scope from last run>
DEPTH:     <depth from last run>

FINDINGS:
  +-------+----------+------+--------+-----+-------+
  |       | Critical | High | Medium | Low | Total |
  +-------+----------+------+--------+-----+-------+
  | Count |    N     |  N   |   N    |  N  |   N   |
  +-------+----------+------+--------+-----+-------+

TOP PRIORITIES:
  1. <ID>  <severity>  <title>  (<file>:<line>)
  2. <ID>  <severity>  <title>  (<file>:<line>)
  3. <ID>  <severity>  <title>  (<file>:<line>)
  4. <ID>  <severity>  <title>  (<file>:<line>)
  5. <ID>  <severity>  <title>  (<file>:<line>)

CHANGES SINCE LAST SCAN:
  Files modified:  N
  New files:       N
  Files with existing findings modified:  N
  Stale findings (file changed):          N

SCANNER STATUS:
  <scanner>  installed  <N findings>
  <scanner>  installed  <N findings>
  <scanner>  missing    (would cover: <categories>)

FRAMEWORKS RUN:
  OWASP Top 10    <N findings>
  STRIDE          <N findings>
  PASTA           <N findings>   (or "not run")
  LINDDUN         <N findings>   (or "not run")
  SANS/CWE 25     <N findings>   (or "not run")

HOTSPOT FILES:
  <file>  <N findings>  (<severities>)
  <file>  <N findings>  (<severities>)
  <file>  <N findings>  (<severities>)

=====================================================
  /appsec:run                 Re-scan (detects changes)
  /appsec:explain <ID>        Explain a finding
  /appsec:run --scope changed Scan only changed files
=====================================================

=====================================================
            APPSEC STATUS -- 仪表盘
=====================================================

上次扫描时间：<时间戳>（<相对时间，例如："2小时前">）
扫描范围：     <上次运行的扫描范围>
扫描深度：     <上次运行的扫描深度>

检测结果：
  +-------+----------+------+--------+-----+-------+
  |       | Critical | High | Medium | Low | 总计 |
  +-------+----------+------+--------+-----+-------+
  | 数量 |    N     |  N   |   N    |  N  |   N   |
  +-------+----------+------+--------+-----+-------+

最高优先级问题：
  1. <ID>  <严重程度>  <标题>  (<文件>:<行号>)
  2. <ID>  <严重程度>  <标题>  (<文件>:<行号>)
  3. <ID>  <严重程度>  <标题>  (<文件>:<行号>)
  4. <ID>  <严重程度>  <标题>  (<文件>:<行号>)
  5. <ID>  <严重程度>  <标题>  (<文件>:<行号>)

自上次扫描以来的变更：
  修改的文件数：  N
  新增的文件数：       N
  包含既有检测结果的已修改文件数：  N
  失效检测结果（文件已修改）：          N

扫描器状态：
  <扫描器>  已安装  <N 个检测结果>
  <扫描器>  已安装  <N 个检测结果>
  <扫描器>  缺失   （可覆盖：<分类>）

已运行的框架：
  OWASP Top 10    <N 个检测结果>
  STRIDE          <N 个检测结果>
  PASTA           <N 个检测结果>  （或"未运行"）
  LINDDUN         <N 个检测结果>  （或"未运行"）
  SANS/CWE 25     <N 个检测结果>  （或"未运行"）

热点文件：
  <文件>  <N 个检测结果> （<严重程度>）
  <文件>  <N 个检测结果> （<严重程度>）
  <文件>  <N 个检测结果> （<严重程度>）

=====================================================
  /appsec:run                 重新扫描（检测变更）
  /appsec:explain <ID>        解释某一检测结果
  /appsec:run --scope changed 仅扫描已变更文件
=====================================================

JSON Format

JSON格式

json

{
  "last_scan": {
    "timestamp": "2026-02-14T10:30:00Z",
    "scope": "full",
    "depth": "standard",
    "tools_used": ["secrets", "injection", "access-control"]
  },
  "findings": {
    "total": 12,
    "by_severity": { "critical": 1, "high": 3, "medium": 5, "low": 3 },
    "by_framework": { "owasp": 8, "stride": 3, "secrets": 1 },
    "top_priorities": [
      { "id": "INJ-001", "severity": "critical", "title": "...", "file": "..." }
    ]
  },
  "changes_since_scan": {
    "modified_files": 5,
    "new_files": 2,
    "files_with_findings_modified": 1,
    "stale_findings": 3
  },
  "scanners": {
    "semgrep": { "installed": true, "findings": 4 },
    "gitleaks": { "installed": false }
  }
}

json

{
  "last_scan": {
    "timestamp": "2026-02-14T10:30:00Z",
    "scope": "full",
    "depth": "standard",
    "tools_used": ["secrets", "injection", "access-control"]
  },
  "findings": {
    "total": 12,
    "by_severity": { "critical": 1, "high": 3, "medium": 5, "low": 3 },
    "by_framework": { "owasp": 8, "stride": 3, "secrets": 1 },
    "top_priorities": [
      { "id": "INJ-001", "severity": "critical", "title": "...", "file": "..." }
    ]
  },
  "changes_since_scan": {
    "modified_files": 5,
    "new_files": 2,
    "files_with_findings_modified": 1,
    "stale_findings": 3
  },
  "scanners": {
    "semgrep": { "installed": true, "findings": 4 },
    "gitleaks": { "installed": false }
  }
}

Important Rules

重要规则

Do NOT invent findings or statistics. Only report what is in the state files.
Do NOT fabricate compliance scores or percentages. There is no meaningful way to express security posture as a single percentage.
Do NOT claim the codebase is "secure" or "insecure" based on finding count alone. Zero findings from a narrow scan does not mean secure.
If the last scan used
```
--scope changed
```
on 3 files, note that coverage is limited.
If the state data is more than 7 days old, flag it prominently as stale.

不得虚构检测结果或统计数据，仅报告状态文件中的内容。
不得编造合规分数或百分比。目前没有合理的方式将安全态势表示为单一百分比。
不得仅根据检测结果数量就声称代码库是“安全”或“不安全”的。范围狭窄的扫描未发现问题并不代表安全。
如果上次扫描使用了
```
--scope changed
```
参数仅扫描了3个文件，需注明扫描覆盖范围有限。
如果状态数据已超过7天，需将其显著标记为失效数据。