Found 23 Skills
Implementing multi-layer security scanning (container, SAST, DAST, SCA, secrets), SBOM generation, and risk-based vulnerability prioritization in CI/CD pipelines. Use when building DevSecOps workflows, ensuring compliance, or establishing security gates for container deployments.
DevOps, MLOps, DevSecOps practices for cloud environments (GCP, Azure, AWS)
Guides secure software delivery and DevSecOps for cleared/classified or high-side programs—disconnected or air-gapped CI/CD, artifact promotion across classification boundaries (conceptual), SBOM/signing/provenance, SAST/DAST/secrets/IaC/container gates, supply-chain controls, STIG/CIS deploy baselines, IaC for classified landing zones, cleared developer workstations, build/deploy audit logging, and ATO/RMF pipeline evidence (not SSP ownership). Use for classified DevSecOps, cleared pipeline, high-side CI/CD, air-gapped build, cross-domain release, classified software delivery, STIG pipeline, ATO evidence CI, SBOM classified, secure software factory—not portfolio cyber governance (classified-cyber-security-senior-manager), ISSO/SSP (information-systems-security-officer-classified-specialist), commercial-only DevSecOps (devsecops), general DevOps (devops), build-only validation (build-validator), pentest (penetration-tester), or enterprise GRC-only (compliance-specialist).
Guides security professionals in implementing defense-in-depth security architectures, achieving compliance with industry frameworks (SOC2, ISO27001, GDPR, HIPAA), conducting threat modeling and risk assessments, managing security operations and incident response, and embedding security throughout the SDLC.
Supply-chain testing via package-manager dependency confusion: when internal package names resolve to attacker-controlled public registries, leading to malicious install and script execution. Use for npm/pip/gem/Maven/Composer/Docker manifest review and authorized red-team supply-chain exercises.
Detect CVEs and security issues in project dependencies. Use when you need to analyze packages for known vulnerabilities across npm, pip, cargo, and other ecosystems.
Coordinate multi-layer security scanning and hardening across application, infrastructure, and compliance controls.
Agent Skill: Security audit patterns (OWASP, CWE, CVSS) for any project. Deep automated PHP/TYPO3 scanning with 80+ checkpoints. Use when conducting security assessments, identifying vulnerabilities, or CVSS scoring. By Netresearch.
Implements infrastructure as code using Terraform, Kubernetes, and cloud platforms. Designs scalable architectures, CI/CD pipelines, and observability solutions. Provides security-first DevOps practices and site reliability engineering guidance.
Guides end-to-end lifecycle governance for mission-critical, high-assurance, or zero-failure-tolerance systems—concept through retirement: phases, gates, evidence, traceability, obsolescence, tech refresh, configuration baselines, NDA-safe regulated/classified patterns, assurance/DevSecOps/ATO interfaces, decommissioning and data disposition. Use for extreme lifecycle, system lifecycle, mission-critical lifecycle, lifecycle gates, sustainment, tech refresh, obsolescence management, decommissioning, configuration baseline, lifecycle evidence, end-to-end lifecycle, or retire a system—not TPM-only (technical-program-manager), HRO-only (zero-tolerance-for-failure), tiering-only (mission-critical), classified pipeline-only (classified-software-devsecops-engineer), formal proofs (software-assurance-formal-methods-specialist), compliance-only (compliance-engineer), CI-only (build-validator), infra portfolio-only (vp-of-infrastructure).
Turn AI coding from chaotic one-shot prompting into a reliable engineering workflow. FORGE gives you clear task boundaries, safer commits, review gates, and team-ready coordination so agents can ship real work without losing control of the project.