ci-cd-supply-chain
CommunitySecure your CI/CD workflows with in-depth risk assessment.
AuthorShah-Aayush
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill meticulously examines CI/CD workflow files for potential security vulnerabilities and build-related risks, providing a first line of defense against compromised codebases.
Core Features & Use Cases
- CI/CD Security Audit: Scans .github/workflows/, .pre-commit-config.yaml, Jenkinsfile, and more for security best practices.
- Secret Exposure Detection: Flags any exposure of sensitive information in CI logs or scripts.
- Untrusted Input Interpolation: Identifies potential shell injection vulnerabilities in workflow scripts.
- Third-party Action Security: Reviews third-party actions for security issues like outdated versions or unknown publishers.
- Use Case: For a development team managing CI/CD pipelines, this Skill helps ensure that workflows are secure, especially for repositories handling sensitive data.
Quick Start
Activate the ci-cd-supply-chain skill on a PR that includes changes to any workflow file to get a security audit of the CI/CD setup.
Dependency Matrix
Required Modules
None requiredComponents
scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: ci-cd-supply-chain Download link: https://github.com/Shah-Aayush/pr-reviewer/archive/main.zip#ci-cd-supply-chain Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.