pipeline-security

SKILL.md

Pipeline Security Assessment

Overview

If a target is provided via arguments, focus the review on: $ARGUMENTS

This skill performs a structured security review of CI/CD pipeline configurations against two industry-standard frameworks:

  • SLSA v1.0 (Supply-chain Levels for Software Artifacts) -- Build level determination per slsa.dev specifications.
  • OWASP Top 10 CI/CD Security Risks -- Systematic evaluation against all ten CICD-SEC controls defined by the OWASP CI/CD Security project.

The assessment produces a formal report containing a SLSA build level determination, per-control CICD-SEC findings, and prioritized remediation guidance.


Objectives

First Seen: May 4, 2026
pipeline-security — unitoneai/securityskills