How does it map to industry security standards?

The skill maps tools and activities directly to the OWASP DevSecOps Guideline and specific CWE (Common Weakness Enumeration) identifiers for compliance.

What security tools does this skill cover?

It provides data for over 15 tools including Gitleaks, Semgrep, Trivy, Hadolint, tfsec, Checkov, OWASP ZAP, and Nuclei.

Can it help with CI/CD configuration?

Yes, it provides specific YAML snippets for integrating security tools into GitHub Actions and other pipeline environments.

Does it support Japanese language queries?

Yes, the skill is optimized for both English and Japanese terminology such as 'セキュリティゲート' (Security Gate) and '静的解析' (Static Analysis).

DevSecOps Guideline Lookup

Name: DevSecOps Guideline Lookup
Author: naporin0624

bynaporin0624

•

보안 및 테스팅

Provides comprehensive guidance on DevSecOps phases, security tools, and CI/CD integration patterns based on OWASP standards.

This skill empowers developers and security engineers to implement robust security practices within their CI/CD pipelines by providing instant access to the OWASP DevSecOps Guideline. It offers detailed technical references for over 15 industry-standard security tools—including Semgrep, Gitleaks, and Trivy—covering installation commands, usage examples, CWE mappings, and ready-to-use GitHub Actions integration snippets for every phase of the software development lifecycle.

주요 기능

01Access ready-to-use CI/CD integration patterns for GitHub Actions

02Map Common Weakness Enumerations (CWE) to specific security checks

032 GitHub stars

04Reference 15+ security tools across all pipeline phases

05Identify appropriate tools for SAST, DAST, SCA, and IaC security

06Navigate DevSecOps activities from pre-commit to production monitoring

사용 사례

01Setting up a secret scanning workflow using Gitleaks in a pre-commit hook

02Finding the right tool and configuration for container security scanning in a build pipeline

03Mapping specific security vulnerabilities (CWE) to the correct automated mitigation tool

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add naporin0624/claude-web-audit-plugins devsecops-lookup

For use in Claude.ai and ChatGPT

주요 기능

01Access ready-to-use CI/CD integration patterns for GitHub Actions

02Map Common Weakness Enumerations (CWE) to specific security checks

032 GitHub stars

04Reference 15+ security tools across all pipeline phases

05Identify appropriate tools for SAST, DAST, SCA, and IaC security

06Navigate DevSecOps activities from pre-commit to production monitoring

사용 사례

01Setting up a secret scanning workflow using Gitleaks in a pre-commit hook

02Finding the right tool and configuration for container security scanning in a build pipeline

03Mapping specific security vulnerabilities (CWE) to the correct automated mitigation tool

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add naporin0624/claude-web-audit-plugins devsecops-lookup

For use in Claude.ai and ChatGPT