Hve-core secure-by-design
Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core.
install
source · Clone the upstream repo
git clone https://github.com/microsoft/hve-core
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/microsoft/hve-core "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.github/skills/security/secure-by-design" ~/.claude/skills/microsoft-hve-core-secure-by-design && rm -rf "$T"
manifest: .github/skills/security/secure-by-design/SKILL.md
source content
Secure by Design — Skill Entry
This SKILL.md is the entrypoint for the Secure by Design skill.
The skill synthesizes the UK Government Secure by Design Principles (10 principles) and the Australian ASD/ACSC Secure by Design Foundations (6 foundations) into structured, machine-readable references that an agent can query to identify, assess, and improve adherence to secure-by-design practices across the software lifecycle.
Normative references (Secure by Design)
- 00 Principle Index
- 01 Security Governance
- 02 Risk-Driven Approach
- 03 Secure Product Development
- 04 Supply Chain Security
- 05 Usable Security Controls
- 06 Detect and Respond
- 07 Flexible Architecture
- 08 Minimize Attack Surface
- 09 Defense in Depth
- 10 Continuous Assurance
- 11 Secure Deprecation
Skill layout
- SKILL.md — this file (skill entrypoint).
- references/ — the Secure by Design normative documents.
- 00-principle-index.md — index of all principle identifiers, categories, source mappings, and cross-references.
- 01 through 11 — one document per synthesized principle area merging UK and AU guidance.
Third-Party Attribution
UK Government Secure by Design Principles
- Copyright: Crown Copyright, UK Government Security Group
- License: Open Government Licence v3.0 (OGL-UK-3.0)
- Source: https://www.security.gov.uk/policy-and-guidance/secure-by-design/principles/
- Modifications: Synthesized into structured principle-checklist format with cross-references; merged with Australian guidance into unified principle areas
- Trademark: Use of UK Government content does not imply endorsement
Australian ASD/ACSC Secure by Design Foundations
- Copyright: © Commonwealth of Australia, Australian Signals Directorate
- License: Creative Commons Attribution 4.0 (CC-BY-4.0)
- Source: https://www.cyber.gov.au/business-government/secure-design/secure-by-design/secure-by-design-foundations
- Modifications: Synthesized into structured principle-checklist format with cross-references; merged with UK guidance into unified principle areas
- Trademark: Use of ASD/ACSC content does not imply endorsement
🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.