- Home
- Skills
- Baz Scm
- Awesome Reviewers
- Secure Coding
secure-coding_skill
- HTML
93
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill baz-scm/awesome-reviewers --skill secure-coding- SKILL.md1.7 KB
Overview
This skill teaches developers to build security into every stage of software development, from writing safe code to securing deployments. It focuses on defensive coding, threat awareness, and practical controls that reduce common vulnerabilities. The goal is to make secure choices routine so applications and user data remain protected.
How this skill works
The skill inspects code and development practices for common security weaknesses and recommends concrete fixes based on proven standards like the OWASP Top 10. It emphasizes automated checks (static analysis, dependency scanning) and peer review patterns, plus cloud and API hardening steps. Outputs include prioritized findings, remediation steps, and configuration guidance to close gaps quickly.
When to use it
- During pull request reviews to catch insecure patterns before merge
- When onboarding developers to enforce consistent secure coding habits
- Before production deployments to validate cloud and API configurations
- When integrating security into CI/CD pipelines with automated gates
- When evaluating third-party libraries or dependencies for risk
Best practices
- Validate all inputs and encode outputs to prevent injection and XSS
- Follow OWASP Top 10 and language-specific secure coding standards
- Use strong authentication, authorization, and least-privilege design
- Automate static analysis and dependency scanning in CI pipelines
- Store secrets in secret managers and use TLS/HTTPS for transport
Example use cases
- Agentic code review flags unsafe string concatenation used in SQL queries and suggests parameterized queries
- CI pipeline run fails a build when known vulnerable dependency versions are detected
- Pre-deployment checklist verifies API tokens are not hard-coded and recommends secrets manager integration
- Pull request guidance adds input validation and output encoding for user-supplied fields
- Cloud configuration review identifies overly permissive IAM roles and provides least-privilege replacements
FAQ
No. This skill empowers developers to reduce common risks and shift security left, but it complements — not replaces — dedicated security experts for threat modeling, incident response, and compliance.
Which tools should I add to CI for best coverage?
Combine static application security testing (SAST), dependency vulnerability scanners, and secret detection. Add runtime monitoring and infrastructure-as-code scanners for cloud environments.