detecting-supply-chain-attacks-in-ci-cd

Scans GitHub Actions workflows and CI/CD pipeline configurations for supply chain attack vectors including unpinned actions, script injection via expressions, dependency confusion, and secrets exposure. Uses PyGithub and YAML parsing for automated audit. Use when hardening CI/CD pipelines or investigating compromised build systems.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Skill Content

# Detecting Supply Chain Attacks in CI/CD

## When to Use

- When investigating security incidents that require detecting supply chain attacks in CI/CD
- When building detection rules or threat hunting queries for this domain
- When SOC analysts need structured procedures for this analysis type
- When validating security monitoring coverage for related attack techniques

## Prerequisites

- Familiarity with security operations concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities

## Instructions

Scan CI/CD workflow files for supply chain risks by parsing GitHub Actions YAML, checking for unpinned dependencies, script injection vectors, and secrets exposure.

```python
import re
import yaml
from pathlib import Path

# A pinned action references a full 40-character commit SHA; tags and branches can be moved.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

for wf in Path(".github/workflows").glob("*.yml"):
    with open(wf) as f:
        workflow = yaml.safe_load(f) or {}
    for job_name, job in (workflow.get("jobs") or {}).items():
        for step in job.get("steps") or []:
            uses = step.get("uses", "")
            # Local (./) and docker:// actions carry no tag to pin; skip them.
            if not uses or uses.startswith(("./", "docker://")):
                continue
            ref = uses.split("@", 1)[1] if "@" in uses else ""
            if not SHA_RE.match(ref):
                print(f"Unpinned action: {uses} in {wf.name}")
```

Key supply chain risks:

1. Unpinned GitHub Actions (using @main instead of SHA)
2. Script injection via ${{ github.event }} expressions
3. Overly permissive GITHUB_TOKEN permissions
4. Third-party actions with write access to repo
5. Dependency confus...
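The following audit function extends the scan above to risks 1 to 3 from the list (unpinned actions, untrusted event data interpolated into `run:` scripts, and `write-all` token permissions). It is an added example, not the skill's own code; the workflow dict, the `audit_workflow` name and the placeholder digest are constructed for illustration, and the regexes are assumptions about which `github.event` fields an outside contributor can influence.

```python
import re

# Only a full 40-hex commit SHA pins an action immutably; tags and branches can move.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Event fields an external contributor controls, interpolated directly into a shell step.
INJECTION_RE = re.compile(
    r"\$\{\{\s*github\.(?:event\.(?:issue|pull_request|comment|review|head_commit|commits)"
    r"[^}]*|head_ref\s*)\}\}"
)


def audit_workflow(workflow: dict, name: str) -> list:
    """Return findings for one parsed workflow (the dict yaml.safe_load produces)."""
    findings = []
    if workflow.get("permissions") == "write-all":
        findings.append(f"{name}: workflow-level permissions: write-all")
    for job_name, job in (workflow.get("jobs") or {}).items():
        where = f"{name}:{job_name}"
        if job.get("permissions") == "write-all":
            findings.append(f"{where}: job-level permissions: write-all")
        for step in job.get("steps") or []:
            uses = step.get("uses") or ""
            # Local and container actions have no tag to pin; only check owner/repo@ref.
            if uses and not uses.startswith(("./", "docker://")):
                ref = uses.split("@", 1)[1] if "@" in uses else ""
                if not SHA_RE.match(ref):
                    findings.append(f"{where}: unpinned action {uses}")
            # Passing the expression through env and quoting "$VAR" in run is the safe pattern.
            if INJECTION_RE.search(step.get("run") or ""):
                findings.append(f"{where}: untrusted event data interpolated into run")
    return findings


# Constructed sample mirroring what yaml.safe_load returns for a workflow file.
SAMPLE_WORKFLOW = {
    "name": "pr-check",
    "on": ["pull_request_target"],
    "permissions": "write-all",
    "jobs": {"build": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4"},
        {"uses": "actions/setup-python@" + "a" * 40},  # placeholder digest, not a real commit
        {"run": 'echo "PR: ${{ github.event.pull_request.title }}"'},
        {"env": {"TITLE": "${{ github.event.pull_request.title }}"}, "run": 'echo "PR: $TITLE"'},
    ]}},
}

if __name__ == "__main__":
    import yaml  # PyYAML; only needed when scanning real files
    from pathlib import Path
    for wf in Path(".github/workflows").glob("*.y*ml"):
        with open(wf) as f:
            for finding in audit_workflow(yaml.safe_load(f) or {}, wf.name):
                print(finding)
```

Run against the sample, the checkout step and the inline-expression step are reported, while the SHA-pinned step and the env-intermediary step pass.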

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0
