ci-cd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DevSecOps Implementation] (SAFE): The templates incorporate a robust security stack including secret scanning (TruffleHog, Gitleaks), SAST (Semgrep, CodeQL, Bandit), and container vulnerability scanning (Trivy, Grype).
- [Credential Management] (SAFE): The workflows utilize secure methods for handling secrets, such as GitHub/GitLab secrets, OIDC for cloud provider authentication (AWS/GCP), and password-stdin for Docker logins to prevent credential leakage in process logs.
- [Supply Chain Security] (SAFE): The skill includes steps for generating Software Bill of Materials (SBOM) using Syft and signing container images with Cosign to ensure artifact integrity.
- [Dependency Security] (SAFE): Automated dependency auditing is integrated into the Node.js and Python templates using npm audit, pip-audit, and safety.
Audit Metadata