Security & Testing Claude 技能

GitHub Actions Trigger Security

Secures GitHub Actions workflows by implementing safe trigger patterns for pull requests and forks to prevent privilege escalation and secret exfiltration.

OPA Policy Templates for Kubernetes

Implements 20 production-ready OPA Gatekeeper constraint templates for Kubernetes admission control and resource governance.

Secure Secret Management for GitHub Actions

Implements secure credential management, storage hierarchies, and OIDC authentication patterns within GitHub Actions workflows.

GitHub OAuth Authentication

Implements secure OAuth flows for GitHub Apps to enable user-context operations, device-based CLI authorization, and token management.

GitHub Runner Security Overview

Analyzes threat models and secure deployment patterns for self-hosted GitHub Actions runners to prevent infrastructure compromise.

Policy-as-Code Template Library

Deploys production-ready security and governance policies for Kubernetes using Kyverno and OPA Gatekeeper.

SDLC Security Implementation Roadmap

Guides a 90-day phased rollout of secure software development lifecycle controls and automated enforcement patterns.

Kubernetes Runtime Security Enforcement (Phase 3)

Hardens Kubernetes production environments through runtime policy enforcement, image verification, and resource constraints using Kyverno.

SDLC Security Foundation (Phase 1)

Establishes essential SDLC security controls including secrets detection, branch protection, and commit verification to create a secure development environment.

Kyverno Policy Templates

Simplifies Kubernetes security and compliance by providing 28 production-ready Kyverno policy templates for admission control.

Chaos Experiment Design

Guides the creation of structured chaos engineering experiments by defining hypotheses, success criteria, and blast radius controls.

GitHub Self-Hosted Runner Hardening

Secures self-hosted GitHub Actions runners using OS-level hardening, network isolation, and credential protection to prevent infrastructure compromise.

Security Scanning Workflows

Automates comprehensive security scanning by integrating SAST, dependency checks, and container vulnerability detection into CI/CD pipelines.

OPA Kubernetes Pod Security Templates

Enforces Kubernetes security policies using OPA to prevent privileged container execution and restrict dangerous Linux capabilities.

GitHub Secret Scanning Integration

Automates the configuration of GitHub secret scanning and push protection to prevent sensitive credential leaks in development workflows.

GKE Security Hardening Guide

Implements production-grade security controls for Google Kubernetes Engine using Pulumi and defense-in-depth patterns.

Kyverno Pod Security Templates

Enforces Kubernetes Pod Security Standards and privilege restrictions using Kyverno policies to secure containerized workloads.

Kubernetes Chaos Engineering

Automates resilience testing and fault injection for Kubernetes clusters using Chaos Mesh and LitmusChaos patterns.

Kubernetes Secure-by-Design Patterns

Implements secure-by-design architecture patterns for Kubernetes environments using zero-trust and defense-in-depth principles.

Multi-Source Policy Aggregator

Aggregates distributed Kyverno policies into a unified enforcement layer using multi-stage OCI container builds.

Kyverno Image Security & Validation

Secures Kubernetes clusters by enforcing container image validation policies including registry allowlists, signatures, and vulnerability gates.

GitHub Token Permissions Security

Implements least-privilege security for GitHub Actions by configuring explicit GITHUB_TOKEN permissions and reducing attack surfaces.

OpenSSF Scorecard Achievement Guide

Optimizes software security postures by providing comprehensive guidance on passing all 18 OpenSSF Scorecard checks and implementing secure engineering practices.

GitHub Actions Security Cheat Sheet

Secures CI/CD pipelines with copy-pasteable patterns for SHA pinning, token permissions, and workflow hardening.

Risk Prioritization Framework

Streamlines security triage using objective metrics, CVSS interpretation, and decision trees to prioritize vulnerability remediation.

Policy-as-Code End-to-End Enforcement

Eliminates security gaps by enforcing standardized Kyverno policies across local development, CI/CD pipelines, and Kubernetes runtime environments.

Branch Protection Enforcement

Implements automated GitHub branch protection patterns and drift detection to ensure robust organizational security compliance.

Kubernetes Incident Response Playbooks

Provides standardized templates for detecting, containing, and remediating Kubernetes security incidents with guided decision trees.

SLSA Toolchain Integration

Integrates SLSA provenance generation and dependency verification across Go, Node.js, and Python toolchains.

Kyverno Network Security Templates

Enforces robust Kubernetes network security policies including namespace isolation, Ingress TLS requirements, and service exposure restrictions.