Add the GitHub repository to the orb description.
https://github.com/CircleCI-Public/Orb-Policies/blame/master/Orb%20Best%20Practices%20Guidelines.md#L13

Consider adding the orbtoberfest label on this issue to have it appear on our upcoming Hacktoberfest landing page

The check-vulnerabilities command is utilized by a job which includes the python executor, but the command itself may be used by anyone, in any execution environment.

https://github.com/Contrast-Security-OSS/contrast-security-orb/blob/master/src/commands/check-vulnerabilities.yml#L62

Add a precheck searching for Python which python and fail if Python is not installed gracefully.

Consider adding the orbtoberfest label on this issue to have it appear on our upcoming Hacktoberfest landing page

Suggestion from best practice guideline. Consider parameterizing the docker image or tag to protect against potential sudden changes to the hardcoded docker tag.

https://github.com/CircleCI-Public/Orb-Policies/blame/master/Orb%20Best%20Practices%20Guidelines.md#L49

You may also be interested in using CircleCI's new beta images which are highly optimized for speed. https://hub.docker.com/u/cimg

Consider adding the orbtoberfest label on this issue to have it appear on our upcoming Hacktoberfest landing page

Currently, the tests on CircleCI can have the severity level set in order to automatically fail a job if vulnerabilities are found. Would it be possible to have the results sent back to the CircleCI job to be uploaded as either an artifact or possibly in JUnit format for the built-in test-results tab (if applicable to the type of report generated).

Uploading Artifacts: https://circleci.com/docs/2.0/artifacts/#uploading-artifacts
Saving Test Results: https://circleci.com/docs/2.0/collect-test-data/

A small HTML report could be generated from the JSON data.

Consider adding the orbtoberfest label on this issue to have it appear on our upcoming Hacktoberfest landing page