home/categories/git-workflows/mukul975-anthropic-cybersecurity-skills-skills-detecting-supply-chain-attacks-in-ci-cd-skill-md
git-workflowsdevops
detecting-supply-chain-attacks-in-ci-cd
Scans GitHub Actions workflows and CI/CD pipeline configurations for supply chain attack vectors including unpinned actions, script injection via expressions, dependency confusion, and secrets exposure. Uses PyGithub and YAML parsing for automated audit. Use when hardening CI/CD pipelines or investigating compromised build systems.
maintainer
mukul975
更新日 4/6/2026
スター
4240
フォーク
464
quick start
Installation and usage
Scans GitHub Actions workflows and CI/CD pipeline configurations for supply chain attack vectors including unpinned actions, script injection via expressions, dependency confusion, and secrets exposure. Uses PyGithub and YAML parsing for automated audit. Use when hardening CI/CD pipelines or investigating compromised build systems.
インストール
$ install --globalskills.sh
使い方
インストール後、ターミナルで以下のコマンドを実行してこのスキルを使用できます:
skills use detecting-supply-chain-attacks-in-ci-cd