Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude

Appsec Build

37 Claude Code skills in the Appsec Build sub-category of Security.

37 skills · updated 2026-05-27 · showing 1–37 of 37 by quality score


Infrastructure as Code security scanning and policy enforcement for Terraform, CloudFormation, Kubernetes, and Pulumi
Developer security training and assessment for secure coding practices and vulnerability prevention
Audit software supply chain across every ecosystem (npm, pip, Go, Ruby, Cargo, Maven, Docker, Terraform) — pinning, vulnerabilities, secrets, SBOM, signing, branch protection,…
Autonomous DevSecOps & FinOps Guardrails. Orchestrates Gemini 3 Flash to audit Linux Kernel patches, Terraform cost drifts, and K8s compliance.
Expert infrastructure security engineer specializing in DevSecOps, cloud security, and compliance frameworks.
Review Azure workload security posture against the Well-Architected Framework Security pillar: identity and access, network boundaries, data protection, threat detection,…
Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning,
Code Injection Detector - Auto-activating skill for Security Fundamentals. Triggers on: code injection detector. Part of the Security Fundamentals skill…
Conjur integration. Manage security and secrets-management data, records, and workflows. Use when the user wants to interact with Conjur data.
Dockerfile security linting and best practice validation using Hadolint with 100+ built-in rules aligned to CIS Docker Benchmark.
Container registry expert. Use for configuring ECR, Harbor, Docker Hub, image security, and CI/CD integration.
Guide for implementing DefectDojo - an open-source DevSecOps, ASPM, and vulnerability management platform.
Expert DevSecOps engineer specializing in secure CI/CD pipelines, shift-left security, security automation, and compliance as code.
Looks up OWASP DevSecOps Guideline phases, security tools, and pipeline checks. Returns tool configurations, CWE mappings, and integration patterns for CI/CD security.
DevSecOps patterns — shift-left security, SAST (semgrep/CodeQL), secrets detection (gitleaks/trufflehog), dependency scanning (trivy/grype), DAST, OPA/Falco policy-as-code,…
DevSecOps methodology guidance covering shift-left security, SAST/DAST/IAST integration, security gates in CI/CD pipelines, vulnerability management workflows, and security…
Evaluate GCP workload security posture against the Google Cloud Well-Architected Framework security pillar — covering zero trust, shift-left security, preemptive cyber defense, AI…
Expert Harbor container registry administrator specializing in registry operations, vulnerability scanning with Trivy, artifact signing with Notary, RBAC, and multi-region…
Harden-Runner by StepSecurity is a CI/CD security agent that works like an EDR for GitHub Actions runners.
Reduce container attack surface by building application images on Google distroless base images that contain
Integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software
Implement centralized logging with ELK Stack, Loki, or Splunk for log collection, parsing, storage, and analysis across infrastructure.
Log Analysis Security - Auto-activating skill for Security Advanced. Triggers on: log analysis security. Part of the Security Advanced skill category.
Review Oracle Cloud Infrastructure security, IAM, network, logging, encryption, and compliance posture.
Store and inject Salesforce auth URLs, JWT keys, and API credentials into CI without leaking them. NOT for runtime secrets in Apex.
Python-based threat modeling using pytm library for programmatic STRIDE analysis, data flow diagram generation, and automated security threat identification.
Use when configuring reCAPTCHA on Web-to-Case, Web-to-Lead, Experience Cloud forms, or Headless Identity flows, or when designing bot-mitigation strategies for Salesforce…
Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities — including custom security implementations such as hashing…
Use when performing deep security review of auth, crypto, secrets, or PII code requiring confidence-rated severity findings and OWASP checks
Secure coding practices and defensive programming patterns for building security-first applications. Use when implementing authentication, handling user input, managing sensitive…
Harbor is an open-source container registry that provides security features including vulnerability scanning
Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks.
Use when setting up log aggregation solutions using ELK, Loki, or Splunk. Trigger with phrases like "setup log aggregation", "deploy ELK stack", "configure Loki", or…
This skill enables Claude to manage container registries, including ECR, GCR, and Harbor. It should be used when the user needs to create, configure, or manage container image…
This skill sets up log aggregation solutions using ELK (Elasticsearch, Logstash, Kibana), Loki, or Splunk.
This skill covers hardening container images by minimizing attack surface, removing unnecessary packages, implementing
Shift-left scanning, policy-as-code, signed artifacts, SBOM.