owasp-cicd-top-10
OWASP Top 10 CI/CD Security Risks
This skill encodes the OWASP Top 10 CI/CD Security Risks for secure pipeline design and review. Each risk has its own reference file, loaded only when that risk is relevant. Based on the OWASP Top 10 CI/CD Security Risks 2022 list.
When to Read Which Reference
| Risk | Read |
|---|---|
| CICD-SEC-1 Insufficient Flow Control | references/cicd-sec-1-flow-control.md |
| CICD-SEC-2 Inadequate IAM | references/cicd-sec-2-iam.md |
| CICD-SEC-3 Dependency Chain Abuse | references/cicd-sec-3-dependency-chain-abuse.md |
| CICD-SEC-4 Poisoned Pipeline Execution | references/cicd-sec-4-poisoned-pipeline-execution.md |
| CICD-SEC-5 Insufficient PBAC | references/cicd-sec-5-pbac.md |
| CICD-SEC-6 Insufficient Credential Hygiene | references/cicd-sec-6-credential-hygiene.md |
| CICD-SEC-7 Insecure System Configuration | references/cicd-sec-7-insecure-system-config.md |
| CICD-SEC-8 Ungoverned 3rd Party Services | references/cicd-sec-8-third-party-services.md |
| CICD-SEC-9 Improper Artifact Integrity Validation | references/cicd-sec-9-artifact-integrity.md |
| CICD-SEC-10 Insufficient Logging and Visibility | references/cicd-sec-10-logging-visibility.md |