securing-github-actions-workflows
CommunitySecure your GitHub Actions workflows against common vulnerabilities.
AuthorRazisafir
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This skill addresses the security risks associated with GitHub Actions workflows, including supply chain attacks, credential theft, and privilege escalation.
Core Features & Use Cases
- Hardening Workflows: Provides guidelines and scripts to harden GitHub Actions workflows against common vulnerabilities.
- Action Pinning: Ensures actions are pinned to SHA digests to prevent supply chain attacks.
- Permission Minimization: Recommends minimizing GITHUB_TOKEN permissions to reduce the risk of credential theft.
- Secret Protection: Offers strategies to protect secrets and environment variables from exfiltration.
- Preventing Script Injection: Provides guidance on preventing script injection in workflow expressions.
- Workflow Change Controls: Recommends implementing required reviewers for workflow changes to maintain audit trails.
Quick Start
Run the 'agent.py' script to audit your GitHub Actions workflows for security issues.
Dependency Matrix
Required Modules
yamlrejsonpathlib
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: securing-github-actions-workflows Download link: https://github.com/Razisafir/KOVIX/archive/main.zip#securing-github-actions-workflows Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.