pipeline-integrity-review

Community

Secure your CI/CD pipelines against supply-chain tampering risks.

Authorjassics
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps identify and mitigate supply-chain tampering risks in CI/CD pipelines, ensuring that attackers cannot subvert the pipeline to inject malicious code or steal secrets.

Core Features & Use Cases

  • CI/CD Pipeline Security: Reviews pipelines for risks such as build isolation, runner/agent trust, secret exposure, mutable dependencies, and poisoned-pipeline paths.
  • Risk Assessment: Maps pipeline components to recognized risks like OWASP Top 10 CI/CD Security Risks and SLSA build track.
  • Automated Review: Walks through each risk and flags untrusted input meeting privileged execution or secrets exposure.
  • Recommendation: Prioritizes fixes based on exploitability, such as privileged code-exec paths first.

Quick Start

Review the pipeline integrity by executing the skill 'pipeline-integrity-review'.

Dependency Matrix

Required Modules

None required

Components

scripts

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: pipeline-integrity-review
Download link: https://github.com/jassics/awesome-claude-security/archive/main.zip#pipeline-integrity-review

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.