ci-cd-security
Installation
SKILL.md
CI/CD Security Skill
Purpose
Secure the CIA platform's CI/CD pipelines against supply chain attacks, ensure artifact integrity, and maintain compliance with SLSA (Supply-chain Levels for Software Artifacts) requirements. Covers GitHub Actions hardening, dependency scanning, and build provenance.
When to Use
- ✅ Creating or modifying GitHub Actions workflows
- ✅ Adding new dependencies to the project
- ✅ Configuring build artifact signing or attestation
- ✅ Reviewing pipeline security posture
- ✅ Implementing dependency update policies
Do NOT use for:
- ❌ Application-level security (use secure-code-review skill)
- ❌ Infrastructure security (use threat-modeling skill)