project-codeguard/rules
Overview
This skill integrates Project CodeGuard guidance to help AI coding agents produce secure-by-default code and prevent common vulnerabilities. It embeds core security rules, language-specific checks, and validators into code generation and review workflows. Use it to enforce consistent security practices across features, languages, and CI/CD pipelines.
How this skill works
The skill inspects the coding context (language, data flows, infrastructure, and sensitive operations) and selects always-applicable rules plus language-specific rule sets. During generation it applies secure patterns and annotates security decisions; during review it runs implementation checklists, flags violations (for example hardcoded secrets or unsafe crypto), and recommends fixes. It also documents which CodeGuard rules were applied and highlights security features implemented.
When to use it
- When writing new code in any language to ensure secure defaults
- When reviewing or refactoring existing code for vulnerabilities
- When implementing auth, cryptography, data handling, or input processing
- When configuring cloud, CI/CD, containers, or infrastructure-as-code
- When handling credentials, sensitive data, or third-party API integration
Best practices
- Always run 'hardcoded credentials' and modern-crypto checks on every change
- Validate and sanitize all external input and use parameterized queries
- Apply least-privilege for services, tokens, and runtime permissions
- Prefer vetted libraries and modern cryptographic algorithms; avoid custom crypto
- Document applied security rules and include small, actionable remediation steps
Example use cases
- Generate a new Python REST endpoint with input validation, auth checks, and secure error handling
- Review a pull request to detect hardcoded secrets, insecure file handling, or unsafe deserialization
- Harden a CI/CD pipeline and container image definitions against supply-chain and privilege risks
- Add encryption and secure key management guidance when implementing data-at-rest features
- Translate language-agnostic security rules into concrete fixes for JavaScript or TypeScript code
FAQ
Always-run checks include hardcoded credentials, recommended cryptographic algorithm use, and certificate handling rules.
How does the skill choose language-specific rules?
The skill detects the target language and loads the mapped CodeGuard rule files for that language to apply context-specific guidance.