Skill

detecting-supply-chain-attacks-in-ci-cd

From asi

Scans GitHub Actions workflows and CI/CD configs for supply chain risks like unpinned actions, script injection, dependency confusion, and secrets exposure using Python YAML parsing. Use for auditing pipeline security.

Python

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- When investigating security incidents that require detecting supply chain attacks in ci cd

SKILL.md

Similar Skills

detecting-supply-chain-attacks-in-ci-cd

5.9k

Scans GitHub Actions workflows and CI/CD configs for supply chain risks including unpinned actions, script injection, dependency confusion, and secrets exposure using Python YAML parsing.

3 files

cybersecurity-skills

detecting-supply-chain-attacks-in-ci-cd

Scans GitHub Actions workflows and CI/CD configs for supply chain attacks including unpinned actions, script injections via expressions, dependency confusion, and secret leaks using PyGithub and YAML parsing. Useful for auditing pipelines.

3 files

cybersecurity-skills-zh

securing-github-actions-workflows

Hardens GitHub Actions workflows against supply chain attacks, credential theft, and privilege escalation by pinning actions to SHA digests, minimizing GITHUB_TOKEN permissions, preventing script injection, and adding reviewer gates.

asi

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Detecting Supply Chain Attacks in CI/CD

When to Use

When investigating security incidents that require detecting supply chain attacks in ci cd

When building detection rules or threat hunting queries for this domain

When SOC analysts need structured procedures for this analysis type

When validating security monitoring coverage for related attack techniques

Prerequisites

Familiarity with security operations concepts and tools

Access to a test or lab environment for safe execution

Python 3.8+ with required dependencies installed

Appropriate authorization for any testing activities

Instructions

Scan CI/CD workflow files for supply chain risks by parsing GitHub Actions YAML, checking for unpinned dependencies, script injection vectors, and secrets exposure.

import yaml from pathlib import Path for wf in Path(".github/workflows").glob("*.yml"): with open(wf) as f: workflow = yaml.safe_load(f) for job_name, job in workflow.get("jobs", {}).items(): for step in job.get("steps", []): uses = step.get("uses", "") if uses and "@" in uses and not uses.split("@")[1].startswith("sha"): print(f"Unpinned action: {uses} in {wf.name}")

Key supply chain risks:

Unpinned GitHub Actions (using @main instead of SHA)

Script injection via ${{ github.event }} expressions

Overly permissive GITHUB_TOKEN permissions

Third-party actions with write access to repo

Dependency confusion via public/private package name collision

Examples

# Check for script injection in run steps for step in job.get("steps", []): run_cmd = step.get("run", "") if "${{" in run_cmd and "github.event" in run_cmd: print(f"Script injection risk: {run_cmd[:80]}")