Claude-skill-registry devsecops-lookup

Looks up OWASP DevSecOps Guideline phases, security tools, and pipeline checks. Returns tool configurations, CWE mappings, and integration patterns for CI/CD security. Use when user asks about "DevSecOps", "SAST", "DAST", "SCA", "container security", "IaC security", "secret detection", "gitleaks", "semgrep", "trivy", "pipeline security", "シークレット検出", "静的解析", "動的解析", "コンテナセキュリティ", "セキュリティゲート".

install

source · Clone the upstream repo

git clone https://github.com/majiayu000/claude-skill-registry

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/devsecops-lookup" ~/.claude/skills/majiayu000-claude-skill-registry-devsecops-lookup && rm -rf "$T"

manifest: skills/data/devsecops-lookup/SKILL.md

DevSecOps Guideline Lookup

Reference for OWASP DevSecOps Guideline phases, tools, and security checks.

Pipeline Phases

Phase	Activity	Key Tools
Develop	Pre-commit checks, Secret detection	Gitleaks, TruffleHog, pre-commit
Build	SAST, SCA, Container, IaC	Semgrep, Trivy, Hadolint, tfsec
Test	DAST, API Security, IAST	OWASP ZAP, Nuclei, Postman
Deploy	Security Gates, Config validation	Policy-as-code, Admission controllers
Operate	Monitoring, Vulnerability management	CNAPP, SIEM, Pentesting

Lookup Workflow

Identify the Query Type:
- Pipeline phase (develop, build, test, deploy, operate)
- Tool name (gitleaks, semgrep, trivy, etc.)
- Security activity (SAST, SCA, DAST, etc.)
- CWE reference

Search the Indexes:

# Phase lookup
cat ${CLAUDE_PLUGIN_ROOT}/skills/devsecops-lookup/pipeline-phases-index.json | jq '.phases["build"]'

# Tool lookup
cat ${CLAUDE_PLUGIN_ROOT}/skills/devsecops-lookup/tools-index.json | jq '.tools["semgrep"]'

# Search by keyword
cat ${CLAUDE_PLUGIN_ROOT}/skills/devsecops-lookup/tools-index.json | jq '[.tools | to_entries[] | select(.value.keywords | map(ascii_downcase) | any(contains("sast")))]'

# CWE to phase mapping
cat ${CLAUDE_PLUGIN_ROOT}/skills/devsecops-lookup/pipeline-phases-index.json | jq '[.phases | to_entries[] | select(.value.cwes | any(contains("CWE-798")))]'

Return Results with:
- What it does (summary)
- Installation command
- Usage example
- CI/CD integration pattern
- Official references

Response Format

### [Tool/Activity Name]

**Phase**: [develop|build|test|deploy|operate]
**Category**: [secret-detection|sast|sca|container|iac|dast|misconfig]

**What It Does**:
[1-2 sentence summary]

**Installation**:
\`\`\`bash
[install command]
\`\`\`

**Basic Usage**:
\`\`\`bash
[usage command]
\`\`\`

**CI/CD Integration** (GitHub Actions):
\`\`\`yaml
[workflow snippet]
\`\`\`

**CWE Coverage**: [list of CWEs]

**References**:
- [Tool URL]
- [OWASP DevSecOps Guideline URL]

Quick Reference: Tools by Phase

Develop (Pre-commit)

Tool	Purpose	Install
Gitleaks	Secret detection	`brew install gitleaks`
pre-commit	Hook management	`pip install pre-commit`
detect-secrets	Secret patterns	`pip install detect-secrets`

Build (CI)

Tool	Purpose	Install
Semgrep	SAST	`pip install semgrep`
Trivy	SCA + Container	`brew install trivy`
Hadolint	Dockerfile lint	`brew install hadolint`
tfsec	Terraform security	`brew install tfsec`
Checkov	IaC security	`pip install checkov`

Test (CD/Staging)

Tool	Purpose	Install
OWASP ZAP	DAST	Docker
Nuclei	Vulnerability scanner	`go install nuclei`

Index Coverage

pipeline-phases-index.json

All DevSecOps pipeline phases
Activities per phase
Recommended tools
CWE mappings
OWASP DevSecOps Guideline references

tools-index.json

15+ security tools
Installation commands
Usage patterns
CI/CD integration examples
Output format specifications

Example Queries

User: "How do I scan for secrets in CI?" You: Look up

gitleaks

in tools-index.json

User: "What's the build phase?" You: Look up

build

in pipeline-phases-index.json

User: "Terraform security scanning?" You: Look up

tfsec

checkov