Does it handle false positives?

Yes, it guides you through configuring .gitleaks.toml and .gitleaksignore files to tune out false positives while focusing on high-severity findings.

Which tools are used for scanning?

This skill utilizes Gitleaks for pattern-based scanning and TruffleHog for deep history analysis and optional live credential verification.

Is this skill compatible with security frameworks?

Yes, it is mapped to NIST CSF 2.0, MITRE ATT&CK, and NIST AI RMF, helping you align with standard cybersecurity compliance requirements.

How does the CI gate work?

The implementation parses scan results and returns a fail verdict to the pipeline if findings meet your configured severity threshold, such as Critical or High.

Can I integrate this into GitHub Actions?

Yes, the skill provides specific implementation steps for integrating automated scans as pre-deployment gates in GitHub Actions, GitLab CI, and Jenkins.

CI/CD Secrets Scanning

Name: CI/CD Secrets Scanning
Author: mukul975

bymukul975

•

4,120

•

安全与测试

Integrates Gitleaks and TruffleHog into CI/CD pipelines to automatically detect and block hardcoded credentials and API keys before deployment.

This skill enables developers and security engineers to automate the detection of sensitive information within their source code and version history. By orchestrating industry-standard tools like Gitleaks and TruffleHog, it provides a robust security gate that prevents API keys, tokens, and passwords from entering production environments. It is essential for teams building DevSecOps workflows, ensuring compliance with frameworks like NIST CSF and MITRE ATT&CK, and hardening the software supply chain against credential-based attacks.

主要功能

01Deep Git history scanning with live secret verification via TruffleHog

02Comprehensive JSON reporting with severity-based findings and remediation steps

03Automated detection of secrets using regex patterns and entropy analysis

044,120 GitHub stars

05Configurable CI/CD gates to block deployments on high-severity findings

06Seamless integration with GitHub Actions, GitLab CI, and Jenkins

使用场景

01Implementing pre-commit hooks to stop secrets from ever reaching version control

02Meeting regulatory compliance requirements for automated security testing

03Preventing credential leaks in private and open-source repositories

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-secrets-scanning-in-ci-cd

For use in Claude.ai and ChatGPT

主要功能

01Deep Git history scanning with live secret verification via TruffleHog

02Comprehensive JSON reporting with severity-based findings and remediation steps

03Automated detection of secrets using regex patterns and entropy analysis

044,120 GitHub stars

05Configurable CI/CD gates to block deployments on high-severity findings

06Seamless integration with GitHub Actions, GitLab CI, and Jenkins

使用场景

01Implementing pre-commit hooks to stop secrets from ever reaching version control

02Meeting regulatory compliance requirements for automated security testing

03Preventing credential leaks in private and open-source repositories

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-secrets-scanning-in-ci-cd

For use in Claude.ai and ChatGPT