OpenSkillIndex← back to search
claude-code

Hve-core owasp-cicd

OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments - Brought to you by microsoft/hve-core.

install
source · Clone the upstream repo
git clone https://github.com/microsoft/hve-core
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/microsoft/hve-core "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.github/skills/security/owasp-cicd" ~/.claude/skills/microsoft-hve-core-owasp-cicd && rm -rf "$T"
manifest: .github/skills/security/owasp-cicd/SKILL.md
source content

OWASP® CI/CD Top 10 — Skill Entry

This 

SKILL.md
is the entrypoint for the OWASP CI/CD Top 10 skill.

The skill encodes the OWASP Top 10 CI/CD Security Risks as structured, machine-readable references that an agent can query to identify, assess, and remediate CI/CD pipeline security risks.

Normative references (CI/CD Top 10)

  1. 00 Vulnerability Index
  2. 01 Insufficient Flow Control Mechanisms
  3. 02 Inadequate Identity and Access Management
  4. 03 Dependency Chain Abuse
  5. 04 Poisoned Pipeline Execution
  6. 05 Insufficient PBAC
  7. 06 Insufficient Credential Hygiene
  8. 07 Insecure System Configuration
  9. 08 Ungoverned Usage of 3rd Party Services
  10. 09 Improper Artifact Integrity Validation
  11. 10 Insufficient Logging and Visibility

Skill layout

  • SKILL.md
    — this file (skill entrypoint).
  • references/
    — the CI/CD Top 10 normative documents. 
    • 00-vulnerability-index.md
      — index of all vulnerability identifiers, categories, and cross-references.
    • 01
      through 
      10
      — one document per vulnerability aligned with OWASP CI/CD Security numbering.

Third-Party Attribution

Copyright © OWASP Foundation. OWASP® Top 10 CI/CD Security Risks content is derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0/). Source: https://owasp.org/www-project-top-10-ci-cd-security-risks/ Modifications: Vulnerability descriptions restructured into agent-consumable reference documents with added detection and remediation guidance. OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement.

🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.