# GHAS Code Scanning Implementation Template
## Organization Security Configuration
| Setting | Value | Notes |
|---------|-------|-------|
| Organization | `_______________` | |
| GHAS License Seats | `_______________` | Active committers |
| Default Query Suite | [ ] default [ ] security-extended [ ] security-and-quality | |
| Branch Protection Enabled | [ ] Yes [ ] No | |
| Secret Scanning Enabled | [ ] Yes [ ] No | |
| Push Protection Enabled | [ ] Yes [ ] No | |
| Dependabot Enabled | [ ] Yes [ ] No | |
## Repository Enablement Tracker
| Repository | Languages | Setup Type | Scanning Active | Open Alerts | Date Enabled |
|------------|-----------|------------|-----------------|-------------|--------------|
| | | [ ] Default [ ] Advanced | [ ] Yes [ ] No | | |
| | | [ ] Default [ ] Advanced | [ ] Yes [ ] No | | |
| | | [ ] Default [ ] Advanced | [ ] Yes [ ] No | | |
## Custom Query Pack Registry
| Pack Name | Version | Description | Target Languages |
|-----------|---------|-------------|------------------|
| | | | |
## Alert Severity Gate Configuration
| Environment | Block on Critical | Block on High | Block on Medium | Block on Low |
|-------------|-------------------|---------------|-----------------|--------------|
| Production (main) | [x] Yes | [x] Yes | [ ] No | [ ] No |
| Staging (develop) | [x] Yes | [ ] No | [ ] No | [ ] No |
| Feature branches | [x] Yes | [ ] No | [ ] No | [ ] No |
## Secret Scanning Custom Patterns
| Pattern Name | Regex | Description | Alert Enabled | Push Protection |
|--------------|-------|-------------|---------------|-----------------|
| | | | [ ] Yes [ ] No | [ ] Yes [ ] No |
## Weekly Security Review Checklist
- [ ] Review new critical and high severity alerts
- [ ] Check alert dismissal reasons for quality
- [ ] Verify new repositories have scanning enabled
- [ ] Review Dependabot alerts and merge security updates
- [ ] Check secret scanning alerts for exposed credentials
- [ ] Update security overview dashboard metrics
- [ ] Review MTTR trends and identify bottlenecks
## Escalation Matrix
| Alert Severity | Response SLA | Escalation Contact | Action Required |
|----------------|-------------|--------------------|-----------------|
| Critical | 24 hours | Security Lead | Immediate remediation; treat as a potential security incident |
| High | 72 hours | Team Lead | Prioritize in current sprint |
| Medium | 2 weeks | Developer | Schedule for next sprint |
| Low | 30 days | Developer | Add to backlog |