Why does this skill block service account JSON keys?

JSON keys are long-lived credentials that pose a significant security risk if leaked. This skill enforces Workload Identity Federation (WIF) to provide a more secure, keyless authentication method for GitHub Actions.

How does it handle security scanning?

The skill provides workflow templates that integrate industry-standard tools like TruffleHog for secret detection and Trivy for vulnerability scanning, ensuring checks occur before deployment.

Does this work for non-Vertex AI GCP deployments?

Yes, while it contains specialized logic for Vertex AI Agent Engine, the core WIF, OIDC, and IAM validation rules are applicable to any secure Google Cloud deployment pipeline.

What specific Vertex AI settings does it validate?

It validates Model Armor (protection against prompt injection), VPC service controls, Code Execution sandbox TTL (7-14 days), memory bank indexing, and auto-scaling instance counts.

GitHub Actions Validator for GCP

Name: GitHub Actions Validator for GCP
Author: BbgnsurfTech

byBbgnsurfTech

•

Deployment & DevOps

Validates and enforces security best practices for GitHub Actions workflows targeting Vertex AI and Google Cloud deployments.

About

The gh-actions-validator skill is a specialized tool for developers and DevOps engineers designed to ensure secure, production-ready CI/CD pipelines on Google Cloud Platform. It strictly mandates the use of Workload Identity Federation (WIF) to eliminate insecure JSON service account keys, enforces OIDC permissions, and audits IAM roles for least-privilege compliance. Beyond basic syntax, it performs deep validation of Vertex AI Agent Engine configurations—checking Model Armor, VPC settings, and auto-scaling—and integrates pre-deployment security scanning to prevent secret leaks and infrastructure vulnerabilities.

Key Features

Post-deployment health checks and monitoring setup
OIDC and IAM least privilege permission auditing
Mandatory Workload Identity Federation (WIF) enforcement
3 GitHub stars
Automated Vertex AI Agent Engine configuration validation
Integrated security scanning for secrets and vulnerabilities

Use Cases

Migrating from legacy JSON service account keys to secure OIDC-based WIF authentication
Automating production-grade CI/CD pipelines for Vertex AI Agent Engine deployments
Enforcing organizational security standards across all GCP-targeted GitHub workflows

About

Key Features

Post-deployment health checks and monitoring setup
OIDC and IAM least privilege permission auditing
Mandatory Workload Identity Federation (WIF) enforcement
3 GitHub stars
Automated Vertex AI Agent Engine configuration validation
Integrated security scanning for secrets and vulnerabilities

Use Cases

Migrating from legacy JSON service account keys to secure OIDC-based WIF authentication
Automating production-grade CI/CD pipelines for Vertex AI Agent Engine deployments
Enforcing organizational security standards across all GCP-targeted GitHub workflows