Claude Code Security Integration
Skylos integrates with Claude Code Security to give you the best of both worlds:
| Capability | Skylos | Claude Code Security |
|---|---|---|
| Dead code detection | Yes | No |
| Code quality analysis | Yes | No |
| Secrets scanning | Yes | No |
| Deep vulnerability patterns | Basic | Yes |
| Exploit scenario generation | No | Yes |
| Confidence scoring | No | Yes |
| CI/CD quality gates | Yes | No |
| Unified dashboard | Yes | No |
Dead code is attack surface. Clean before you scan.
Prerequisites
- A Skylos account with credits (skylos.dev/dashboard/billing)
- An Anthropic API key (console.anthropic.com)
- A GitHub repository
Setup
1. Add secrets to your GitHub repo
Go to Settings > Secrets and variables > Actions and add:
| Secret | Value |
|---|---|
| SKYLOS_TOKEN | From your Skylos project settings |
| ANTHROPIC_API_KEY | From console.anthropic.com |
2. Generate the combined workflow
skylos cicd init --claude-security
This generates a workflow with three jobs; the first two run in parallel and the third runs only after the second has finished:
- skylos: runs the Skylos dead code, security and quality analysis (parallel)
- claude-security: runs the Claude Code Security review (parallel)
- upload-claude-findings: ingests the Claude findings into the Skylos dashboard (runs after claude-security completes)
3. Commit and push
git add .github/workflows/skylos.yml && git commit -m "Add Skylos + Claude Code Security workflow" && git push
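As an added illustration of the three-job layout described above (this is not the file that `skylos cicd init --claude-security` writes, nor the project's shipped example workflow), here is a minimal workflow with the same job names. The `pip install skylos` step, the `skylos .` scan invocation, the `./run-claude-security.sh` placeholder for the Claude Code Security step and the artifact name are assumptions; keep the steps your generated file contains and use this only to see the job dependencies and how the secrets flow into each job.

```yaml
# Added illustrative workflow, not the generated skylos.yml. Lines marked
# "assumption" are placeholders for whatever your generated file actually runs.
name: Skylos + Claude Code Security

on:
  pull_request:
  push:
    branches: [main]

# Least privilege: none of the jobs writes to the repository, so the
# workflow token only needs read access to the checkout.
permissions:
  contents: read

jobs:
  # Job 1: Skylos dead code + security + quality analysis (parallel with job 2)
  skylos:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install skylos        # assumption: Skylos installed from PyPI
      - run: skylos .                  # assumption: scan invocation used by the generated workflow
        env:
          # The token reaches the CLI through the environment; it is never
          # written into the workflow file or echoed into the job log.
          SKYLOS_TOKEN: ${{ secrets.SKYLOS_TOKEN }}

  # Job 2: Claude Code Security review (parallel with job 1)
  claude-security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # assumption: a placeholder script standing in for your Claude Code
      # Security step; the only contract job 3 relies on is that it writes
      # its JSON report to claude-security-results.json.
      - name: Run Claude Code Security
        run: ./run-claude-security.sh --output claude-security-results.json
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
      # Hand the report to job 3 as an artifact (jobs do not share a filesystem).
      - uses: actions/upload-artifact@v4
        with:
          name: claude-security-results   # assumption: artifact name
          path: claude-security-results.json

  # Job 3: ingest the Claude findings into the Skylos dashboard.
  # `needs` is what makes this job sequential: it starts only after job 2 succeeds.
  upload-claude-findings:
    needs: claude-security
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install skylos        # assumption: see job 1
      - uses: actions/download-artifact@v4
        with:
          name: claude-security-results
      # --token is the flag documented under "Manual ingestion"; the value is
      # taken from the secret at run time rather than written into the file.
      - run: skylos ingest claude-security --input claude-security-results.json --token "$SKYLOS_TOKEN"
        env:
          SKYLOS_TOKEN: ${{ secrets.SKYLOS_TOKEN }}
```

Two things to check after adapting it: `needs: claude-security` means a failed Claude job skips the upload rather than ingesting a partial or missing report, which is the behaviour you want; and GitHub does not expose repository secrets to `pull_request` runs triggered from forks, so the `skylos` and `claude-security` jobs will run without `SKYLOS_TOKEN` and `ANTHROPIC_API_KEY` on fork PRs and should be expected to fail or skip there.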
Manual ingestion
If you already have Claude Code Security JSON output, you can ingest it directly:
# Ingest and upload to dashboard
skylos ingest claude-security --input claude-security-results.json
# Normalize only (no upload)
skylos ingest claude-security --input results.json --no-upload --json
# Use a specific token
skylos ingest claude-security --input results.json --token sk-xxx
A token passed on the command line ends up in your shell history and in any process listing taken while the command runs; in CI, prefer the SKYLOS_TOKEN repository secret and pass the value from the environment rather than pasting it into a script.
Dashboard
Claude Security findings appear in your Skylos dashboard with:
- A blue "Claude Security" badge on scans and issues
- Confidence scores shown as percentages
- Exploit scenarios explaining how the vulnerability could be exploited
- Suggested fixes from Claude's analysis
- CWE references for compliance tracking
All Claude Security findings are categorized as SECURITY with CCS: rule ID prefixes (e.g., CCS:sql-injection).
Credits
Claude Security ingestion costs 2 credits per upload (vs 1 credit for native Skylos scans). This reflects the multi-tool value of combining both analyses.
Check your balance:
skylos credits
Example workflow
See the full example workflow at .github/workflows/examples/skylos-plus-claude-security.yml.
How it works
┌────────────┐        ┌──────────────────────┐
│   Skylos   │        │ Claude Code Security │
│  (Job 1)   │        │       (Job 2)        │
│            │        │                      │
│ Dead code  │        │ Deep vulnerability   │
│ Quality    │        │ Exploit scenarios    │
│ Secrets    │        │ Confidence scores    │
│ Security   │        │                      │
└─────┬──────┘        └──────────┬───────────┘
      │                          │
      │                          ▼
      │               ┌──────────────────────┐
      │               │    skylos ingest     │
      │               │   claude-security    │
      │               │       (Job 3)        │
      │               └──────────┬───────────┘
      │                          │
      ▼                          ▼
┌─────────────────────────────────────────┐
│            Skylos Dashboard             │
│                                         │
│  Unified findings, quality gates,       │
│  issue tracking, notifications          │
└─────────────────────────────────────────┘