Quick reference for GitHub Actions security patterns. Copy-paste snippets for action pinning, token permissions, secrets, runners, and workflow hardening.
Provides copy-paste patterns for hardening GitHub Actions workflows. Use when writing or reviewing workflows to quickly implement action pinning, token permissions, and secret management.
/plugin marketplace add adaptive-enforcement-lab/claude-skills/plugin install secure@ael-skillsThis skill inherits all available tools. When active, it can use any tool Claude has access to.
examples.mdreference.mdscripts/example-1.yamlscripts/example-2.yamlscripts/example-3.yamlscripts/example-4.yamlscripts/example-5.yamlscripts/example-6.yamlscripts/example-7.shscripts/example-8.shscripts/example-9.yamlOne-page security reference for hardening GitHub Actions workflows. Copy-paste ready patterns for production use.
Start Here
New to GitHub Actions security? Start with SHA pinning and minimal permissions. Both provide high impact with minimal workflow changes.
See the full implementation guide in the source documentation.
See examples.md for code examples.
See reference.md for complete documentation.
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.