ci-cd-security
CI/CD Security Skill
Purpose
Secure the CIA platform's CI/CD pipelines against supply chain attacks, ensure artifact integrity, and maintain compliance with SLSA (Supply-chain Levels for Software Artifacts) requirements. Covers GitHub Actions hardening, dependency scanning, and build provenance.
When to Use
- ✅ Creating or modifying GitHub Actions workflows
- ✅ Adding new dependencies to the project
- ✅ Configuring build artifact signing or attestation
- ✅ Reviewing pipeline security posture
- ✅ Implementing dependency update policies
Do NOT use for:
- ❌ Application-level security (use secure-code-review skill)
- ❌ Infrastructure security (use threat-modeling skill)
GitHub Actions Security Hardening