feat(skill): introduce owasp-cicd

[JasonTheDeveloper]

Pull Request

Description

In alignment with phase 2 discussed in #480 (comment), this PR introduces the OWASP CICD Top 10 skill to hve-core and the security reviewer agent.

Related Issue(s)

Closes #1243

Type of Change

Select all that apply:

Code & Documentation:

• Bug fix (non-breaking change fixing an issue)
• New feature (non-breaking change adding functionality)
• Breaking change (fix or feature causing existing functionality to change)
• Documentation update

Infrastructure & Configuration:

• GitHub Actions workflow
• Linting configuration (markdown, PowerShell, etc.)
• Security configuration
• DevContainer configuration
• Dependency update

AI Artifacts:

• Reviewed contribution with prompt-builder agent and addressed all feedback
• Copilot instructions (.github/instructions/*.instructions.md)
• Copilot prompt (.github/prompts/*.prompt.md)
• Copilot agent (.github/agents/*.agent.md)
• Copilot skill (.github/skills/*/SKILL.md)

Note for AI Artifact Contributors:

• Agents: Research, indexing/referencing other project (using standard VS Code GitHub Copilot/MCP tools), planning, and general implementation agents likely already exist. Review .github/agents/ before creating new ones.
• Skills: Must include both bash and PowerShell scripts. See Skills.
• Model Versions: Only contributions targeting the latest Anthropic and OpenAI models will be accepted. Older model versions (e.g., GPT-3.5, Claude 3) will be rejected.
• See Agents Not Accepted and Model Version Requirements.

Other:

• Script/automation (.ps1, .sh, .py)
• Other (please describe):

Testing

To be able to test the owasp-cicd skill using the security reviewer agent you will need a repository containing cicd configuration.

1. Either select the Security Reviewer agent or invoke the agent via the /security-revew instruction
2. Use the following prompt analyse the code and produce a vulnerability report
   • If you are testing to see if the codebase-profiler.agent.md picks up that the repository contains cicd configuration (like github workflow) and thus uses the owasp-cicd skill then that's all you need.
   • If you only want to test the owasp-cicd is used, in your prompt add targetSkill=owasp-cicd

You should see in the output report the owasp-cicd skill being referenced and used.

Checklist

Required Checks

• Documentation is updated (if applicable)
• Files follow existing naming conventions
• Changes are backwards compatible (if applicable)
• Tests added for new functionality (if applicable)

AI Artifact Contributions

• Used /prompt-analyze to review contribution
• Addressed all feedback from prompt-builder review
• Verified contribution follows common standards and type-specific requirements

Required Automated Checks

The following validation commands must pass before merging:

• Markdown linting: npm run lint:md
• Spell checking: npm run spell-check
• Frontmatter validation: npm run lint:frontmatter
• Skill structure validation: npm run validate:skills
• Link validation: npm run lint:md-links
• PowerShell analysis: npm run lint:ps
• Plugin freshness: npm run plugin:generate

Security Considerations

• This PR does not contain any sensitive or NDA information
• Any new dependencies have been reviewed for security issues
• Security-related scripts follow the principle of least privilege

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.62%. Comparing base (07bd2ab) to head (38adadf).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1246      +/-   ##
==========================================
- Coverage   87.63%   87.62%   -0.02%     
==========================================
  Files          61       61              
  Lines        9328     9328              
==========================================
- Hits         8175     8174       -1     
- Misses       1153     1154       +1     

Flag	Coverage Δ
pester	85.18% <ø> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[WilliamBerryiii]

@JasonTheDeveloper - will you run this one over HVE Core itself and share the report in this thread?

[JasonTheDeveloper]

@WilliamBerryiii yeah sure. I ran the owasp-cicd skill specifcally and here are the results:

---

OWASP Security Assessment Report

Date: 2026-04-01
Repository: hve-core
Agent: Security Reviewer
Skills applied: owasp-cicd

Caution

This prompt is an assistive tool only and does not replace professional security tooling (SAST, DAST, SCA, penetration testing, compliance scanners) or qualified human review. All AI-generated vulnerability findings must be reviewed and validated by qualified security professionals before use. AI outputs may contain inaccuracies, miss critical threats, or produce recommendations that are incomplete or inappropriate for your environment.

---

Executive Summary

A comprehensive CI/CD security assessment was performed against the hve-core repository using the OWASP CI/CD Top 10 framework. All 10 controls were evaluated, producing 9 PASS findings and 1 NOT_ASSESSED finding (IAM configuration, which resides outside source code). No vulnerabilities were identified — the repository demonstrates strong pipeline security posture with SHA-pinned actions, least-privilege permissions, secret scanning, SBOM generation, build provenance attestation, and deterministic dependency management. All 10 findings passed through verification unchanged.

Summary Counts

Status	Count
PASS	9
FAIL	0
PARTIAL	0
NOT_ASSESSED	1
Total	10

Severity Breakdown (FAIL + PARTIAL only)

Severity	Count
CRITICAL	0
HIGH	0
MEDIUM	0
LOW	0

Verification Summary

Verdict	Count
CONFIRMED	0
DISPROVED	0
DOWNGRADED	0
UNCHANGED	10

---

Findings by Framework

owasp-cicd

ID	Title	Status	Severity	Location	Finding	Recommendation	Verdict	Justification
CICD-SEC-1:2025	Insufficient Flow Control Mechanisms	PASS	N/A	N/A	PR validation runs on pull_request events against protected branches (main, develop). The stable release pipeline triggers only on push to main. Pre-release pipelines require merged PRs. All pipelines gate on multiple validation jobs before release steps execute. No auto-merge rules were found in the codebase.	Continue enforcing branch protection rules at the GitHub repository settings level.	UNCHANGED	Pass-through; no adversarial verification required.
CICD-SEC-3:2025	Dependency Chain Abuse	PASS	N/A	N/A	The repository has a .npmrc enforcing save-exact=true, package-lock=true, and audit=true. Both package-lock.json and docs/docusaurus/package-lock.json exist for lockfile-based deterministic installs. All npm ci calls use lockfiles. Python dependencies use uv sync with uv.lock files. A dependency-review.yml workflow runs actions/dependency-review-action on PRs with license checks and OpenSSF Scorecard warnings. A pip-audit.yml workflow audits Python dependencies. Additionally, a dependency-pinning-scan.yml workflow enforces SHA pinning compliance for all dependency types.	No additional action needed.	UNCHANGED	Pass-through; no adversarial verification required.
CICD-SEC-4:2025	Poisoned Pipeline Execution	PASS	N/A	N/A	All workflows trigger on pull_request (not pull_request_target), which runs with read-only GITHUB_TOKEN on the PR merge commit in a safe context. No workflows were found that trigger on pull_request_target. The PR validation pipeline uses only contents: read permissions. Release pipelines trigger on push to main (post-merge only). The copilot-setup-steps.yml triggers only on workflow_dispatch. Pipeline configuration files are in the repository with branch protection expected on main.	Ensure branch protection rules on main require PR review before merge to prevent direct pushes that trigger the release pipeline.	UNCHANGED	Pass-through; no adversarial verification required.
CICD-SEC-5:2025	Insufficient PBAC	PASS	N/A	N/A	Every workflow declares top-level permissions: contents: read and then grants minimal per-job permissions (e.g., security-events: write only for SARIF upload jobs, id-token: write only for attestation/OIDC jobs). This follows the principle of least privilege extensively. The marketplace publish job uses a protected GitHub environment (marketplace). All jobs run on GitHub-hosted ubuntu-latest runners, which are ephemeral by design.	No additional action needed.	UNCHANGED	Pass-through; no adversarial verification required.
CICD-SEC-6:2025	Insufficient Credential Hygiene	PASS	N/A	N/A	Gitleaks secret scanning runs on every PR (gitleaks-scan.yml) and as part of the stable release pipeline with soft-fail: false, blocking merges on detected secrets. Full git history is scanned (fetch-depth: 0). Secrets are stored in GitHub Secrets/Variables (e.g., RELEASE_APP_PRIVATE_KEY, AZURE_CLIENT_ID), never in code. Almost all checkout steps use persist-credentials: false to prevent token leakage. The marketplace publish uses OIDC federation (short-lived tokens) rather than static credentials.	Continue periodic rotation of the GitHub App private key and Azure service principal credentials.	UNCHANGED	Pass-through; no adversarial verification required.
CICD-SEC-7:2025	Insecure System Configuration	PASS	N/A	N/A	All CI/CD runs on GitHub-hosted runners (ubuntu-latest), eliminating self-managed infrastructure risks. Workflows use concurrency groups with cancel-in-progress to prevent resource exhaustion. A workflow-permissions-scan.yml workflow validates that all workflows have proper permissions blocks. CodeQL analysis runs weekly and on PRs. The OpenSSF Scorecard runs weekly and after releases. ActionLint validates workflow syntax.	No additional action needed.	UNCHANGED	Pass-through; no adversarial verification required.
CICD-SEC-8:2025	Ungoverned Usage of 3rd Party Services	PASS	N/A	N/A	All third-party GitHub Actions are pinned by full SHA with version comments (e.g., actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.2). An action-version-consistency-scan.yml workflow ensures consistent action versions across all workflows. The dependency-pinning-scan.yml enforces SHA pinning compliance with a 95% threshold. The sha-staleness-check.yml detects outdated SHA pins. Third-party actions used are well-known. Weekly security maintenance reviews all third-party integrations.	Periodically review the third-party action inventory for actions that are no longer maintained. Consider documenting the approval rationale for each third-party action.	UNCHANGED	Pass-through; no adversarial verification required.
CICD-SEC-9:2025	Improper Artifact Integrity Validation	PASS	N/A	N/A	The release pipelines generate SBOMs using anchore/sbom-action in SPDX JSON format for all artifacts (VSIX extensions, plugin packages, and dependencies). Build provenance is attested using actions/attest-build-provenance (Sigstore). SBOMs are independently attested via actions/attest. All release assets include .sigstore.json and .intoto.jsonl provenance bundles. Verification instructions are appended to release notes. Third-party tool downloads in workflows verify SHA256 checksums before use. The Get-VerifiedDownload.ps1 library script provides a reusable pattern for hash-verified downloads.	No additional action needed.	UNCHANGED	Pass-through; no adversarial verification required.
CICD-SEC-10:2025	Insufficient Logging and Visibility	PASS	N/A	N/A	Multiple SARIF-producing workflows upload results to the GitHub Security tab: CodeQL, Gitleaks, dependency pinning scan, workflow permissions scan, action version consistency scan, and OpenSSF Scorecard. Workflow artifacts are retained (30–90 days) for audit trails. Job summaries are generated for visibility. Weekly security maintenance produces consolidated summary reports and creates GitHub issues for stale SHA pins. All security-relevant workflows run both on PRs and on schedule (weekly).	Consider increasing artifact retention for security-sensitive scan results if organizational compliance requires longer retention periods.	UNCHANGED	Pass-through; no adversarial verification required.
CICD-SEC-2:2025	Inadequate Identity and Access Management	NOT_ASSESSED	N/A	N/A	IAM configuration lives in GitHub organization/repository settings and cannot be assessed from source code alone. Workflows use GitHub App tokens (actions/create-github-app-token) scoped via RELEASE_APP_ID / RELEASE_APP_PRIVATE_KEY rather than broad PATs, which is a positive signal. The marketplace publish workflow uses OIDC (azure/login with client-id, tenant-id, subscription-id) and a protected marketplace environment.	Periodically audit GitHub organization member access, repository collaborators, and GitHub App installation permissions. Verify that the Release App has minimal required permissions.	UNCHANGED	Pass-through; not assessable from source code.

---

Detailed Remediation Guidance

None identified.

Disproved Findings

None.

---

Remediation Checklist

ID	Control	Status	Evidence

No CONFIRMED or DOWNGRADED findings require remediation.

---

Appendix: Skills Used

Skill	Framework	Version	Reference
owasp-cicd	OWASP Top 10 CI/CD Security Risks	1.0.0	owasp.org/www-project-top-10-ci-cd-security-risks

[WilliamBerryiii]

@WilliamBerryiii yeah sure. I ran the owasp-cicd skill specifcally and here are the results:

OWASP Security Assessment Report

Date: 2026-04-01 Repository: hve-core Agent: Security Reviewer Skills applied: owasp-cicd

Caution

This prompt is an assistive tool only and does not replace professional security tooling (SAST, DAST, SCA, penetration testing, compliance scanners) or qualified human review. All AI-generated vulnerability findings must be reviewed and validated by qualified security professionals before use. AI outputs may contain inaccuracies, miss critical threats, or produce recommendations that are incomplete or inappropriate for your environment.

Executive Summary

A comprehensive CI/CD security assessment was performed against the hve-core repository using the OWASP CI/CD Top 10 framework. All 10 controls were evaluated, producing 9 PASS findings and 1 NOT_ASSESSED finding (IAM configuration, which resides outside source code). No vulnerabilities were identified — the repository demonstrates strong pipeline security posture with SHA-pinned actions, least-privilege permissions, secret scanning, SBOM generation, build provenance attestation, and deterministic dependency management. All 10 findings passed through verification unchanged.

Summary Counts

Status Count
PASS 9
FAIL 0
PARTIAL 0
NOT_ASSESSED 1
Total 10

Severity Breakdown (FAIL + PARTIAL only)

Severity Count
CRITICAL 0
HIGH 0
MEDIUM 0
LOW 0

Verification Summary

Verdict Count
CONFIRMED 0
DISPROVED 0
DOWNGRADED 0
UNCHANGED 10

Findings by Framework

owasp-cicd

ID Title Status Severity Location Finding Recommendation Verdict Justification
CICD-SEC-1:2025 Insufficient Flow Control Mechanisms PASS N/A N/A PR validation runs on pull_request events against protected branches (main, develop). The stable release pipeline triggers only on push to main. Pre-release pipelines require merged PRs. All pipelines gate on multiple validation jobs before release steps execute. No auto-merge rules were found in the codebase. Continue enforcing branch protection rules at the GitHub repository settings level. UNCHANGED Pass-through; no adversarial verification required.
CICD-SEC-3:2025 Dependency Chain Abuse PASS N/A N/A The repository has a .npmrc enforcing save-exact=true, package-lock=true, and audit=true. Both package-lock.json and docs/docusaurus/package-lock.json exist for lockfile-based deterministic installs. All npm ci calls use lockfiles. Python dependencies use uv sync with uv.lock files. A dependency-review.yml workflow runs actions/dependency-review-action on PRs with license checks and OpenSSF Scorecard warnings. A pip-audit.yml workflow audits Python dependencies. Additionally, a dependency-pinning-scan.yml workflow enforces SHA pinning compliance for all dependency types. No additional action needed. UNCHANGED Pass-through; no adversarial verification required.
CICD-SEC-4:2025 Poisoned Pipeline Execution PASS N/A N/A All workflows trigger on pull_request (not pull_request_target), which runs with read-only GITHUB_TOKEN on the PR merge commit in a safe context. No workflows were found that trigger on pull_request_target. The PR validation pipeline uses only contents: read permissions. Release pipelines trigger on push to main (post-merge only). The copilot-setup-steps.yml triggers only on workflow_dispatch. Pipeline configuration files are in the repository with branch protection expected on main. Ensure branch protection rules on main require PR review before merge to prevent direct pushes that trigger the release pipeline. UNCHANGED Pass-through; no adversarial verification required.
CICD-SEC-5:2025 Insufficient PBAC PASS N/A N/A Every workflow declares top-level permissions: contents: read and then grants minimal per-job permissions (e.g., security-events: write only for SARIF upload jobs, id-token: write only for attestation/OIDC jobs). This follows the principle of least privilege extensively. The marketplace publish job uses a protected GitHub environment (marketplace). All jobs run on GitHub-hosted ubuntu-latest runners, which are ephemeral by design. No additional action needed. UNCHANGED Pass-through; no adversarial verification required.
CICD-SEC-6:2025 Insufficient Credential Hygiene PASS N/A N/A Gitleaks secret scanning runs on every PR (gitleaks-scan.yml) and as part of the stable release pipeline with soft-fail: false, blocking merges on detected secrets. Full git history is scanned (fetch-depth: 0). Secrets are stored in GitHub Secrets/Variables (e.g., RELEASE_APP_PRIVATE_KEY, AZURE_CLIENT_ID), never in code. Almost all checkout steps use persist-credentials: false to prevent token leakage. The marketplace publish uses OIDC federation (short-lived tokens) rather than static credentials. Continue periodic rotation of the GitHub App private key and Azure service principal credentials. UNCHANGED Pass-through; no adversarial verification required.
CICD-SEC-7:2025 Insecure System Configuration PASS N/A N/A All CI/CD runs on GitHub-hosted runners (ubuntu-latest), eliminating self-managed infrastructure risks. Workflows use concurrency groups with cancel-in-progress to prevent resource exhaustion. A workflow-permissions-scan.yml workflow validates that all workflows have proper permissions blocks. CodeQL analysis runs weekly and on PRs. The OpenSSF Scorecard runs weekly and after releases. ActionLint validates workflow syntax. No additional action needed. UNCHANGED Pass-through; no adversarial verification required.
CICD-SEC-8:2025 Ungoverned Usage of 3rd Party Services PASS N/A N/A All third-party GitHub Actions are pinned by full SHA with version comments (e.g., actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.2). An action-version-consistency-scan.yml workflow ensures consistent action versions across all workflows. The dependency-pinning-scan.yml enforces SHA pinning compliance with a 95% threshold. The sha-staleness-check.yml detects outdated SHA pins. Third-party actions used are well-known. Weekly security maintenance reviews all third-party integrations. Periodically review the third-party action inventory for actions that are no longer maintained. Consider documenting the approval rationale for each third-party action. UNCHANGED Pass-through; no adversarial verification required.
CICD-SEC-9:2025 Improper Artifact Integrity Validation PASS N/A N/A The release pipelines generate SBOMs using anchore/sbom-action in SPDX JSON format for all artifacts (VSIX extensions, plugin packages, and dependencies). Build provenance is attested using actions/attest-build-provenance (Sigstore). SBOMs are independently attested via actions/attest. All release assets include .sigstore.json and .intoto.jsonl provenance bundles. Verification instructions are appended to release notes. Third-party tool downloads in workflows verify SHA256 checksums before use. The Get-VerifiedDownload.ps1 library script provides a reusable pattern for hash-verified downloads. No additional action needed. UNCHANGED Pass-through; no adversarial verification required.
CICD-SEC-10:2025 Insufficient Logging and Visibility PASS N/A N/A Multiple SARIF-producing workflows upload results to the GitHub Security tab: CodeQL, Gitleaks, dependency pinning scan, workflow permissions scan, action version consistency scan, and OpenSSF Scorecard. Workflow artifacts are retained (30–90 days) for audit trails. Job summaries are generated for visibility. Weekly security maintenance produces consolidated summary reports and creates GitHub issues for stale SHA pins. All security-relevant workflows run both on PRs and on schedule (weekly). Consider increasing artifact retention for security-sensitive scan results if organizational compliance requires longer retention periods. UNCHANGED Pass-through; no adversarial verification required.
CICD-SEC-2:2025 Inadequate Identity and Access Management NOT_ASSESSED N/A N/A IAM configuration lives in GitHub organization/repository settings and cannot be assessed from source code alone. Workflows use GitHub App tokens (actions/create-github-app-token) scoped via RELEASE_APP_ID / RELEASE_APP_PRIVATE_KEY rather than broad PATs, which is a positive signal. The marketplace publish workflow uses OIDC (azure/login with client-id, tenant-id, subscription-id) and a protected marketplace environment. Periodically audit GitHub organization member access, repository collaborators, and GitHub App installation permissions. Verify that the Release App has minimal required permissions. UNCHANGED Pass-through; not assessable from source code.

Detailed Remediation Guidance

None identified.

Disproved Findings

None.

Remediation Checklist

ID Control Status Evidence
No CONFIRMED or DOWNGRADED findings require remediation.

Appendix: Skills Used

Skill Framework Version Reference
owasp-cicd OWASP Top 10 CI/CD Security Risks 1.0.0 owasp.org/www-project-top-10-ci-cd-security-risks

This makes me really happy!

[WilliamBerryiii]

Thanks for this contribution — the content quality across all 10 reference documents is excellent and the agent integrations are thorough.

A few items to address before merge, detailed in inline comments below.

Positive observations:

• All 10 vulnerability reference documents follow a consistent, well-structured format
• Agent integrations (security-reviewer, codebase-profiler, finding-deep-verifier, skill-assessor) are all correctly updated
• Collection and plugin registrations are complete with correct maturity: experimental
• Symlinks follow the established conventions
• Using "index" rather than "master index" is the preferred wording — we will update the existing skills to match
• Using a hyphen in security.collection.md is the preferred punctuation — we will update existing entries to match

[WilliamBerryiii]

Missing Third-Party Attribution section

All three existing OWASP skills include a ## Third-Party Attribution section at the end of SKILL.md with:

• OWASP Foundation copyright notice
• CC BY-SA 4.0 license reference and link
• Source URL
• Modifications description
• OWASP® trademark disclaimer

Since this content is derived from OWASP's CC BY-SA 4.0 licensed material, this section is required for license compliance.

See owasp-agentic/SKILL.md lines 44-55 for the template to follow.

[WilliamBerryiii]

Missing OWASP® trademark symbol

The existing skills use the registered trademark symbol in the heading:

• # OWASP® Top 10 — Skill Entry
• # OWASP® LLM Top 10 — Skill Entry
• # OWASP® Agentic Top 10 — Skill Entry

Suggested change

	# OWASP CI/CD Top 10 — Skill Entry
	# OWASP® CI/CD Top 10 — Skill Entry

[WilliamBerryiii]

Nit: extra blank line after the ### Scenario B heading. All other scenario headings across the 10 references use a single blank line.

Suggested change

[WilliamBerryiii]

Nit: extra blank line after the ### Scenario B heading, same as ref 07.

Suggested change

[WilliamBerryiii]

Nit: the index title is single-quoted but has no special YAML characters. The individual reference titles (01-10) correctly use quotes because they contain colons, but this one could be unquoted for consistency with the other skills' index files.

Suggested change

	title: 'OWASP CI/CD Top 10 Vulnerability Index'
	title: OWASP CI/CD Top 10 Vulnerability Index