Agent skills
Skills you can use with AI coding agents, indexed from public GitHub repositories.
-
secret-rotation-patterns
Automated secret rotation for GitHub Actions. Schedule recommendations, zero-downtime strategies, and notification patterns for credential lifecycle management.
adaptive-enforcement-lab/claude-skills 1
-
workflow-trigger-security
Secure GitHub Actions trigger patterns for pull requests, forks, and reusable workflows. Preventing privilege escalation and code injection through trigger misconfiguration.
adaptive-enforcement-lab/claude-skills 1
-
github-actions-security-cheat-sheet
Quick reference for GitHub Actions security patterns. Copy-paste snippets for action pinning, token permissions, secrets, runners, and workflow hardening.
adaptive-enforcement-lab/claude-skills 1
-
reusable-workflow-security
Secure reusable workflow patterns for GitHub Actions. Input validation, secret inheritance, caller restrictions, and SHA pinning for workflow composition.
adaptive-enforcement-lab/claude-skills 1
-
gke-cluster-configuration
Private GKE cluster setup, Workload Identity, and Shielded Nodes with Binary Authorization using Terraform.
adaptive-enforcement-lab/claude-skills 1
-
go-security-tooling
Standard Go security toolkit: race detector, golangci-lint, Trivy, govulncheck. Zero cost, seamless integration, and OpenSSF-certified security workflow patterns.
adaptive-enforcement-lab/claude-skills 1
-
runner-group-management
Runner group organization strategies for GitHub Actions. Repository access restrictions, workflow controls, and security boundaries for self-hosted runners.
adaptive-enforcement-lab/claude-skills 1
-
iam-configuration
Least-privilege IAM roles for GKE nodes and workloads. Workload Identity Federation for external authentication and comprehensive audit logging for visibility.
adaptive-enforcement-lab/claude-skills 1
-
network-security
Secure GKE networking with VPC-native IP allocation, zero-trust network policies, Private Service Connect endpoints, and Cloud Armor DDoS protection layers.
adaptive-enforcement-lab/claude-skills 1
-
secret-scanning-integration
GitHub secret scanning configuration, push protection, custom pattern definitions, and response playbook for detected credentials in GitHub Actions workflows.
adaptive-enforcement-lab/claude-skills 1
-
environment-protection-patterns
Deployment protection with environment protection rules, required reviewers, wait timers, and approval gates for production deployments.
adaptive-enforcement-lab/claude-skills 1
-
github-core-app-setup
Configure organization-level GitHub Apps for secure cross-repository automation. Machine identity, audit trails, and enterprise-grade authentication.
adaptive-enforcement-lab/claude-skills 1
-
third-party-action-risk-assessment
Structured framework for evaluating GitHub Actions security before adoption. Trust tiers, risk assessment checklist, and decision tree for action evaluation.
adaptive-enforcement-lab/claude-skills 1
-
self-hosted-runner-security-overview
Understanding the threat model for self-hosted GitHub Actions runners. GitHub-hosted vs self-hosted comparison and secure deployment patterns.
adaptive-enforcement-lab/claude-skills 1
-
hardened-release-workflow
Production-ready release workflow examples with signed releases, SLSA provenance, artifact attestations, and minimal permissions.
adaptive-enforcement-lab/claude-skills 1
-
workload-identity-federation-implementation
Workload Identity Federation implementation guide. GKE setup, IAM bindings, ServiceAccount configuration, migration from service account keys, and troubleshooting patterns.
adaptive-enforcement-lab/claude-skills 1
-
runtime-security
Pod Security Standards and admission controllers for GKE. Runtime monitoring with Falco and behavioral analysis to detect anomalous workload activity.
adaptive-enforcement-lab/claude-skills 1
-
oidc-federation-patterns
Secretless authentication to cloud providers using OpenID Connect federation. GCP, Azure, and cloud-agnostic examples with subject claim patterns and trust policies.
adaptive-enforcement-lab/claude-skills 1
-
secret-management-overview
Understanding GitHub Actions secret types, storage hierarchy, and threat model. Secure patterns for managing credentials, tokens, and sensitive configuration.
adaptive-enforcement-lab/claude-skills 1
-
hardened-ci-workflow
Production-ready CI workflow examples with all security patterns applied. SHA pinning, minimal permissions, secret scanning, and language-specific variants.
adaptive-enforcement-lab/claude-skills 1
-
gke-security-hardening-guide
GKE security hardening guide with Pulumi. Private clusters, Workload Identity, Binary Authorization, network policies, IAM configuration, and runtime security enforcement.
adaptive-enforcement-lab/claude-skills 1
-
openssf-scorecard-achievement-guide
Complete OpenSSF Scorecard achievement guide. Understand all 18 security checks, fix false positives, navigate controversial recommendations, and progress from 7 to 10/10.
adaptive-enforcement-lab/claude-skills 1
-
hardened-deployment-workflow
Production-ready deployment workflow examples with OIDC authentication, environment protection, approval gates, and rollback patterns.
adaptive-enforcement-lab/claude-skills 1
-
argo-events
Build event-driven Kubernetes automation with Argo Events. Connect external systems to reactive workflows using EventSources, EventBus, and Sensors.
adaptive-enforcement-lab/claude-skills 1