explainx.ainewsletter3.4k
tag

secure-sdlc

10 indexed skills · max 10 per page

skills (10)

implementing-policy-as-code-with-open-policy-agent

mukul975/Anthropic-Cybersecurity-Skills · implementing-policy-as-code-with-open-policy-agent

0

This skill covers implementing Open Policy Agent (OPA) and Gatekeeper for policy-as-code enforcement in Kubernetes and CI/CD pipelines. It addresses writing Rego policies, deploying OPA Gatekeeper as a Kubernetes admission controller, testing policies in development, and integrating policy evaluation into deployment pipelines.

securing-github-actions-workflows

mukul975/Anthropic-Cybersecurity-Skills · securing-github-actions-workflows

0

This skill covers hardening GitHub Actions workflows against supply chain attacks, credential theft, and privilege escalation. It addresses pinning actions to SHA digests, minimizing GITHUB_TOKEN permissions, protecting secrets from exfiltration, preventing script injection in workflow expressions, and implementing required reviewers for workflow changes.

performing-container-image-hardening

mukul975/Anthropic-Cybersecurity-Skills · performing-container-image-hardening

0

This skill covers hardening container images by minimizing attack surface, removing unnecessary packages, implementing multi-stage builds, configuring non-root users, and applying CIS Docker Benchmark recommendations to produce secure production-ready images.

implementing-code-signing-for-artifacts

mukul975/Anthropic-Cybersecurity-Skills · implementing-code-signing-for-artifacts

0

This skill covers implementing code signing for build artifacts to ensure integrity and authenticity throughout the software supply chain. It addresses signing binaries, packages, and containers using GPG, Sigstore, and platform-specific signing tools, establishing trust chains, and verifying signatures in deployment pipelines.

implementing-infrastructure-as-code-security-scanning

mukul975/Anthropic-Cybersecurity-Skills · implementing-infrastructure-as-code-security-scanning

0

This skill covers implementing automated security scanning for Infrastructure as Code (IaC) templates using tools like Checkov, tfsec, and KICS. It addresses detecting misconfigurations in Terraform, CloudFormation, Kubernetes manifests, and Helm charts before deployment, establishing policy-based governance, and integrating IaC scanning into CI/CD pipelines to prevent insecure cloud resource provisioning.

integrating-dast-with-owasp-zap-in-pipeline

mukul975/Anthropic-Cybersecurity-Skills · integrating-dast-with-owasp-zap-in-pipeline

0

This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD pipelines. It addresses configuring baseline, full, and API scans against running applications, interpreting ZAP findings, tuning scan policies, and establishing DAST quality gates in GitHub Actions and GitLab CI.

performing-sca-dependency-scanning-with-snyk

mukul975/Anthropic-Cybersecurity-Skills · performing-sca-dependency-scanning-with-snyk

0

This skill covers implementing Software Composition Analysis (SCA) using Snyk to detect vulnerable open-source dependencies in CI/CD pipelines. It addresses scanning package manifests and lockfiles, automated fix pull request generation, license compliance checking, continuous monitoring of deployed applications, and integration with GitHub, GitLab, and Jenkins pipelines.

scanning-containers-with-trivy-in-cicd

mukul975/Anthropic-Cybersecurity-Skills · scanning-containers-with-trivy-in-cicd

0

This skill covers integrating Aqua Security's Trivy scanner into CI/CD pipelines for comprehensive container image vulnerability detection. It addresses scanning Docker images for OS package and application dependency CVEs, detecting misconfigurations in Dockerfiles, scanning filesystem and git repositories, and establishing severity-based quality gates that block deployment of vulnerable images.

integrating-sast-into-github-actions-pipeline

mukul975/Anthropic-Cybersecurity-Skills · integrating-sast-into-github-actions-pipeline

0

This skill covers integrating Static Application Security Testing (SAST) tools—CodeQL and Semgrep—into GitHub Actions CI/CD pipelines. It addresses configuring automated code scanning on pull requests and pushes, tuning rules to reduce false positives, uploading SARIF results to GitHub Advanced Security, and establishing quality gates that block merges when high-severity vulnerabilities are detected.

implementing-secret-scanning-with-gitleaks

mukul975/Anthropic-Cybersecurity-Skills · implementing-secret-scanning-with-gitleaks

0

This skill covers implementing Gitleaks for detecting and preventing hardcoded secrets in git repositories. It addresses configuring pre-commit hooks, CI/CD pipeline integration, custom rule authoring for organization-specific secrets, baseline management for existing repositories, and remediation workflows for exposed credentials.