zhongwei/gh-agentsecops-secopsagentkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-29 17:51:02 +08:00
commit ff1f4bd119
252 changed files with 72682 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

157
skills/_template/SKILL.md Normal file
View File

@@ -0,0 +1,157 @@
---
name: skill-name
description: >
[REQUIRED] Comprehensive description of what this skill does and when to use it.
Include: (1) Primary functionality, (2) Specific use cases, (3) Security operations context.
Must include specific "Use when:" clause for skill discovery.
Example: "SAST vulnerability analysis and remediation guidance using Semgrep and industry
security standards. Use when: (1) Analyzing static code for security vulnerabilities,
(2) Prioritizing security findings by severity, (3) Providing secure coding remediation,
(4) Integrating security checks into CI/CD pipelines."
Maximum 1024 characters.
version: 0.1.0
maintainer: your-github-username
category: [appsec|devsecops|secsdlc|threatmodel|compliance|incident-response]
tags: [relevant, security, tags]
frameworks: [OWASP|CWE|MITRE-ATT&CK|NIST|SOC2]
---
<!--
PROGRESSIVE DISCLOSURE GUIDELINES:
- Keep this SKILL.md file under 500 lines
- Only include core workflows and common patterns here
- Move detailed content to references/ directory
- Link clearly to when references should be consulted
- See: references/WORKFLOW_CHECKLIST.md for workflow pattern examples
- Challenge every sentence: "Does Claude really need this?"
-->
# Skill Name
## Overview
Brief overview of what this skill provides and its security operations context.
## Quick Start
Provide the minimal example to get started immediately:
```bash
# Example command or workflow
tool-name --option value
```
## Core Workflow
### Sequential Workflow
For straightforward step-by-step operations:
1. First action with specific command or operation
2. Second action with expected output or validation
3. Third action with decision points if needed
### Workflow Checklist (for complex operations)
For complex multi-step operations, use a checkable workflow:
Progress:
[ ] 1. Initial setup and configuration
[ ] 2. Run primary security scan or analysis
[ ] 3. Review findings and classify by severity
[ ] 4. Apply remediation patterns
[ ] 5. Validate fixes with re-scan
[ ] 6. Document findings and generate report
Work through each step systematically. Check off completed items.
**For more workflow patterns**, see [references/WORKFLOW_CHECKLIST.md](references/WORKFLOW_CHECKLIST.md)
### Feedback Loop Pattern (for validation)
When validation and iteration are needed:
1. Generate initial output (configuration, code, etc.)
2. Run validation: `./scripts/validator_example.py output.yaml`
3. Review validation errors and warnings
4. Fix identified issues
5. Repeat steps 2-4 until validation passes
6. Apply the validated output
**Note**: Move detailed validation criteria to `references/` if complex.
## Security Considerations
- **Sensitive Data Handling**: Guidance on handling secrets, credentials, PII
- **Access Control**: Required permissions and authorization contexts
- **Audit Logging**: What should be logged for security auditing
- **Compliance**: Relevant compliance requirements (SOC2, GDPR, etc.)
## Bundled Resources
### Scripts (`scripts/`)
Executable scripts for deterministic operations. Use scripts for low-freedom operations requiring consistency.
- `example_script.py` - Python script template with argparse, error handling, and JSON output
- `example_script.sh` - Bash script template with argument parsing and colored output
- `validator_example.py` - Validation script demonstrating feedback loop pattern
**When to use scripts**:
- Deterministic operations that must be consistent
- Complex parsing or data transformation
- Validation and quality checks
### References (`references/`)
On-demand documentation loaded when needed. Keep SKILL.md concise by moving detailed content here.
- `EXAMPLE.md` - Template for reference documentation with security standards sections
- `WORKFLOW_CHECKLIST.md` - Multiple workflow pattern examples (sequential, conditional, iterative, feedback loop)
**When to use references**:
- Detailed framework mappings (OWASP, CWE, MITRE ATT&CK)
- Advanced configuration options
- Language-specific patterns
- Content exceeding 100 lines
### Assets (`assets/`)
Templates and configuration files used in output (not loaded into context). These are referenced but not read until needed.
- `ci-config-template.yml` - Security-enhanced CI/CD pipeline with SAST, dependency scanning, secrets detection
- `rule-template.yaml` - Security rule template with OWASP/CWE mappings and remediation guidance
**When to use assets**:
- Configuration templates
- Policy templates
- Boilerplate secure code
- CI/CD pipeline examples
## Common Patterns
### Pattern 1: [Pattern Name]
Description and example of common usage pattern.
### Pattern 2: [Pattern Name]
Additional patterns as needed.
## Integration Points
- **CI/CD**: How this integrates with build pipelines
- **Security Tools**: Compatible security scanning/monitoring tools
- **SDLC**: Where this fits in the secure development lifecycle
## Troubleshooting
### Issue: [Common Problem]
**Solution**: Steps to resolve.
## References
- [Tool Documentation](https://example.com)
- [Security Framework](https://owasp.org)
- [Compliance Standard](https://example.com)