A collection of Fortinet security plugins for Claude Code.
| Plugin | Description |
|---|---|
| code-security | Automated IaC and SCA scanning — scans infrastructure-as-code and dependency manifests for vulnerabilities after every task |
In Claude Code, register the marketplace and install a plugin:
/plugin marketplace add lacework/forticnapp-llm-plugins
/plugin install code-security@fortinet-plugins
See each plugin's README for setup and configuration details.
This repo uses two branches:
main— release branch. Users install from here. Protected (requires PRs).dev— development branch. All feature/fix PRs should targetdev.
-
Development: PRs merge to
dev. Tests run automatically on every PR. Version is bumped automatically on each merge based on conventional commit prefixes:Commit prefix Version bump feat!:,fix!:(breaking change)Major ( 1.0.0→2.0.0)feat:Minor ( 1.0.0→1.1.0)fix:,chore:,refactor:, etc.Patch ( 1.0.0→1.0.1) -
Release: A repo owner creates a PR from
dev→main. When merged, a GitHub Release is created automatically with a.zipartifact. -
Manual override: Go to Actions → Release → Run workflow and enter a specific version for hotfixes.
Available versions are listed on the Releases page.
- Create a directory under
plugins/<plugin-name>/ - Add
.claude-plugin/plugin.jsonwith name, version, description - Add hooks, skills, and scripts as needed
- Register the plugin in
.claude-plugin/marketplace.jsonwith"source": "./plugins/<plugin-name>" - Submit a PR targeting
dev
- Create a branch from
devfor your work - Make your changes following existing patterns
- Run the test suite:
bash plugins/code-security/tests/test-*.sh - Submit a PR targeting
dev, filling in the pull request template - Once approved and merged, changes will be included in the next release