security_skill
- Shell
2
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill pluginagentmarketplace/custom-plugin-devops --skill security- SKILL.md815 B
Overview
This skill packages DevSecOps practices for CI/CD and infrastructure automation, focused on secrets, certificates, image scanning, and access control. It helps teams shift security left by integrating secrets management, SSL/TLS lifecycle, and container/image checks into deployment pipelines. The skill is designed for automation with shell-centric tooling and templates to enforce repeatable security controls.
How this skill works
The skill inspects repository and pipeline configurations to locate credentials, certificate usage, SSH keys, and container images. It automates checks and remediation steps: rotate or centralize secrets into vaults, validate and renew SSL/TLS certs, harden SSH configuration, and run container image vulnerability scans. It can also generate RBAC rules and link optional SAST/DAST, OPA policies, or incident automation hooks.
When to use it
- Integrating security controls into CI/CD pipelines before production deploys
- Centralizing and rotating secrets from environment variables to a secrets store
- Validating SSL/TLS certificate coverage and automating renewals
- Scanning container images and code for vulnerabilities before release
- Defining RBAC and access controls for cloud and cluster resources
Best practices
- Enforce secrets-in-vault policy and avoid plaintext credentials in code or CI logs
- Automate certificate issuance and renewal with ACME or managed PKI
- Harden SSH by disabling password auth, using forced commands and limited principals
- Integrate image scanning in pipeline gates and fail builds on critical CVEs
- Use least-privilege RBAC and codify policies with Rego/OPA for repeatability
Example use cases
- Migrate CI environment variables to Vault or AWS Secrets Manager and add runtime retrieval
- Add a pipeline step to scan Docker images with Clair or Trivy and block on high-severity findings
- Automate Let's Encrypt/ACME certificate issuance and renewal tied to deployment jobs
- Generate minimal RBAC roles for a team and enforce them via GitOps manifests
- Wire up SAST and DAST tools to nightly jobs and create a ticket on new high-risk results
FAQ
No. It integrates and automates use of existing secret stores like Vault or AWS Secrets Manager rather than acting as a new secret repository.
Can it block deployments with critical vulnerabilities?
Yes. It supports pipeline gates that fail builds or prevent promotion when configured policies detect critical CVEs or failed security checks.