security-practices_skill

This skill helps you implement modern security practices across zero trust, supply chain, and devsecops, reducing risk and accelerating secure development.
  • Python

13

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill williamzujkowski/standards --skill security-practices

  • SKILL.md18.4 KB

Overview

This skill documents modern security practices for building and operating cloud-native systems, covering Zero Trust, supply chain security, DevSecOps integration, container and API protection, and incident response. It provides actionable checklists, implementation patterns, and tooling recommendations to reduce risk and meet compliance mappings like NIST controls. Use it to harden new projects quickly and to lift the security posture of existing systems.

How this skill works

The skill inspects architecture and development workflows and recommends controls across identity, network, build pipelines, and runtime environments. It gives concrete patterns: MFA and continuous authentication for Zero Trust, SBOM generation and dependency scanning for supply chain security, secure Docker/Kubernetes configurations, API hardening (rate limiting, input validation, auth middleware), and automated security gates in CI/CD. Each pattern maps to control objectives and suggests tools for implementation.

When to use it

  • Starting a new cloud-native project and needing secure defaults.
  • Integrating security into CI/CD pipelines and pull requests.
  • Building or auditing containerized workloads or Kubernetes clusters.
  • Implementing Zero Trust identity and access policies.
  • Establishing supply chain controls like SBOMs and dependency scanning.

Best practices

  • Enable MFA, enforce least privilege, and implement continuous session validation.
  • Shift left: run SAST, secret scanning, and dependency scans on every PR.
  • Never commit secrets; use a secrets manager and generate SBOMs for dependencies.
  • Build minimal container images, run as non-root, and scan images pre-deploy.
  • Harden APIs with rate limits, strict input validation/sanitization, and robust auth middleware.

Example use cases

  • Add a security stage to CI that runs Semgrep, Snyk, Trivy, and blocks merges on high findings.
  • Deploy a policy engine that evaluates risk and enforces step-up authentication for risky contexts.
  • Generate an SBOM for supply chain transparency and fail CI on prohibited licenses.
  • Replace a legacy Dockerfile with a multi-stage build that copies only runtime artifacts and runs as non-root.
  • Automate incident containment: revoke sessions, block malicious IPs, collect evidence, and trigger post-mortem workflows.

FAQ

Enable MFA, enforce HTTPS/TLS 1.3, and add automated dependency and secret scanning in CI.

Which tools should I use for dependency and container scanning?

Use Snyk or Dependabot for dependencies and Trivy or Aqua/Clair for container image scanning.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
security-practices skill by williamzujkowski/standards | VeilStrat