What is the benefit of SHA pinning in GitHub Actions?

SHA pinning prevents supply chain attacks by ensuring you run the exact version of an action you have audited, protecting you from malicious updates to mutable tags.

Does this cover secret management?

Yes, it provides best practices and snippets for handling secrets securely and avoiding accidental exposure within your CI/CD processes.

Is this skill suitable for production environments?

Yes, the patterns are specifically designed for production-grade workflow hardening and meeting high-security compliance standards.

Can I use this for self-hosted runners?

The skill includes security patterns relevant to both GitHub-hosted and self-hosted runner environments, focusing on general workflow hardening.

How does this skill help with token permissions?

It provides copy-pasteable templates for the 'permissions' key in YAML workflows, ensuring your GITHUB_TOKEN follows the principle of least privilege.

GitHub Actions Security Cheat Sheet

Name: GitHub Actions Security Cheat Sheet
Author: adaptive-enforcement-lab

byadaptive-enforcement-lab

0•

安全与测试

Secures CI/CD pipelines with copy-pasteable patterns for SHA pinning, token permissions, and workflow hardening.

This Claude Code skill provides a comprehensive, ready-to-use security reference for hardening GitHub Actions workflows against common vulnerabilities. It empowers developers to implement production-grade security measures quickly using standardized patterns for action pinning, minimal token permissions, secret management, and runner isolation. By integrating these expert-vetted snippets directly into the Claude environment, users can effectively mitigate supply chain risks and ensure their CI/CD pipelines adhere to the principle of least privilege and industry-standard security best practices.

主要功能

010 GitHub stars

02Workflow hardening and environment isolation techniques

03Quick-reference production-ready security snippets

04Action SHA pinning snippets for supply chain protection

05Secure secret management and handling practices

06Least-privilege token permission patterns

使用场景

01Auditing and remediating security vulnerabilities in repository environments and runners.

02Hardening existing GitHub Actions workflows to prevent supply chain attacks.

03Setting up new CI/CD pipelines with standardized minimal permission models.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptive-enforcement-lab/claude-skills github-actions-security-cheat-sheet

For use in Claude.ai and ChatGPT

Download Skill

主要功能

010 GitHub stars

02Workflow hardening and environment isolation techniques

03Quick-reference production-ready security snippets

04Action SHA pinning snippets for supply chain protection

05Secure secret management and handling practices

06Least-privilege token permission patterns

使用场景

01Auditing and remediating security vulnerabilities in repository environments and runners.

02Hardening existing GitHub Actions workflows to prevent supply chain attacks.

03Setting up new CI/CD pipelines with standardized minimal permission models.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptive-enforcement-lab/claude-skills github-actions-security-cheat-sheet

For use in Claude.ai and ChatGPT

Download Skill