ci-cd-supply-chain

Community

Secure your CI/CD workflows with in-depth risk assessment.

AuthorShah-Aayush
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill meticulously examines CI/CD workflow files for potential security vulnerabilities and build-related risks, providing a first line of defense against compromised codebases.

Core Features & Use Cases

  • CI/CD Security Audit: Scans .github/workflows/, .pre-commit-config.yaml, Jenkinsfile, and more for security best practices.
  • Secret Exposure Detection: Flags any exposure of sensitive information in CI logs or scripts.
  • Untrusted Input Interpolation: Identifies potential shell injection vulnerabilities in workflow scripts.
  • Third-party Action Security: Reviews third-party actions for security issues like outdated versions or unknown publishers.
  • Use Case: For a development team managing CI/CD pipelines, this Skill helps ensure that workflows are secure, especially for repositories handling sensitive data.

Quick Start

Activate the ci-cd-supply-chain skill on a PR that includes changes to any workflow file to get a security audit of the CI/CD setup.

Dependency Matrix

Required Modules

None required

Components

scripts

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: ci-cd-supply-chain
Download link: https://github.com/Shah-Aayush/pr-reviewer/archive/main.zip#ci-cd-supply-chain

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.