Files
Anthropic-Cybersecurity-Skills/skills/detecting-supply-chain-attacks-in-ci-cd/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

1.6 KiB

API Reference: Detecting Supply Chain Attacks in CI/CD

GitHub Actions Workflow Parsing

import yaml

with open(".github/workflows/ci.yml") as f:
    wf = yaml.safe_load(f)

# Key fields
wf["permissions"]           # Workflow-level permissions
wf["jobs"]["build"]["steps"] # Step list
step["uses"]                # Action reference (owner/repo@ref)
step["run"]                 # Shell script
step["env"]                 # Environment variables

Supply Chain Risk Patterns

Risk Pattern Severity
Unpinned action uses: owner/action@main CRITICAL
Mutable tag uses: owner/action@v1 MEDIUM
Script injection run: echo ${{ github.event.issue.title }} CRITICAL
Write permissions permissions: write-all HIGH
Curl pipe bash RUN curl | bash HIGH
Latest image tag FROM image:latest MEDIUM

Dependency Confusion Check

import requests
# Check if private package exists on public registry
resp = requests.get(f"https://registry.npmjs.org/{pkg}")
exists = resp.status_code == 200

resp = requests.get(f"https://pypi.org/pypi/{pkg}/json")
exists = resp.status_code == 200

Pinning Actions to SHA

# Bad: mutable reference
uses: actions/checkout@main
# Good: pinned to commit SHA
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608

References