Can I use these for different programming languages?

Yes, the CI and security scanning workflows include specific variants and testing patterns for Node.js, Python, and Go.

What is SHA-pinning and why is it used?

SHA-pinning uses unique commit hashes instead of version tags for actions to prevent supply chain attacks from unauthorized or malicious updates to third-party actions.

Do these workflows support cloud deployments?

Yes, it includes deployment templates specifically for GCP via OIDC federation, supporting environment protections, canary rollouts, and automated rollbacks.

What security features are included in these templates?

The templates include SHA-pinned actions, job-level minimal GITHUB_TOKEN permissions, OIDC for secret-less cloud access, and comprehensive security scanning.

Hardened CI/CD Workflow Templates

Name: Hardened CI/CD Workflow Templates
Author: adaptive-enforcement-lab

byadaptive-enforcement-lab

0•

배포 및 DevOps

Provides production-ready, security-hardened GitHub Actions templates featuring SHA-pinning, OIDC authentication, and minimal permission scoping.

This skill offers a comprehensive library of copy-paste ready GitHub Actions workflows designed with a security-first approach to protect your software supply chain. It integrates industry-standard best practices, including SHA-pinned actions to prevent supply chain attacks, minimal GITHUB_TOKEN permission scoping, and OIDC federation for secret-less cloud authentication. Whether you are configuring continuous integration, managing signed releases with SLSA provenance, or deploying to cloud environments like GCP, these templates provide the necessary guardrails and inline documentation to ensure compliance and robust security from day one.

주요 기능

01SLSA provenance and artifact attestation for signed releases

02SHA-pinned actions for verified supply chain security

03OIDC-based cloud authentication for secret-less deployments

04Minimal GITHUB_TOKEN permission scoping per job

05Integrated security scanning (SAST, SCA, and Container)

060 GitHub stars

사용 사례

01Setting up OIDC-based cloud deployments with automated rollbacks

02Automating signed software releases with SLSA L2/L3 provenance

03Implementing secure PR validation and automated test gates

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptive-enforcement-lab/claude-skills complete-workflow-examples

For use in Claude.ai and ChatGPT

Download Skill