Secure Code Review Skill
Purpose
Establish security-focused code review practices across all Hack23 projects, ensuring security vulnerabilities, insecure patterns, and compliance violations are identified and remediated before code reaches production.
Rules
Review Requirements
MUST:
- Review all code changes for security implications before merging
- Use automated security scanning (CodeQL, Dependabot) as first line of defense
- Check for OWASP Top 10 vulnerabilities in every review
- Verify proper input validation and output encoding
- Confirm no secrets, credentials, or keys in code or configuration
- Validate proper error handling (no information leakage)
- Check authorization controls on new endpoints or resources
- Verify proper use of cryptographic functions
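The MUST list above maps directly onto checks a reviewer can run before reading a change line by line. The following is an added example (not Hack23's own tooling) of a small pre-review helper that scans only the added lines of a unified diff for the secrets, output-encoding, error-leakage and crypto-misuse items from the checklist; the patterns, file names and the sample diff are constructed for illustration, and a hit is a prompt for the human reviewer rather than a verdict.

```python
import re
from dataclasses import dataclass

# Checks mapped to the MUST list. These patterns are an assumed starting
# set, deliberately narrow so that every hit is worth a reviewer's look.
CHECKS = [
    ("secrets", re.compile(r"(?i)\b(api[_-]?key|secret|password|token)\b\s*[:=]\s*['\"][^'\"]{8,}")),
    ("secrets", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),  # shape of an AWS access key id
    ("output-encoding", re.compile(r"\.innerHTML\s*=|dangerouslySetInnerHTML")),
    ("error-leakage", re.compile(r"\b(err|error|e)\.stack\b|\bprintStackTrace\(")),
    ("crypto-misuse", re.compile(r"(?i)createHash\(\s*['\"](md5|sha1)['\"]|\bMath\.random\(")),
]

@dataclass(frozen=True)
class Finding:
    check: str
    file: str
    line: str

def review_diff(diff_text: str) -> list[Finding]:
    """Scan only added ('+') lines, so removed or untouched code adds no noise."""
    findings, current_file = [], "<unknown>"
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):          # new-file header of a unified diff
            current_file = raw[4:].strip()
            continue
        if not raw.startswith("+"):         # context ('') and removed ('-') lines
            continue
        added = raw[1:]
        for check, pattern in CHECKS:
            if pattern.search(added):
                findings.append(Finding(check, current_file, added.strip()))
    return findings

# Constructed sample diff for demonstration; the secret value is a placeholder.
SAMPLE_DIFF = """\
--- a/src/api.js
+++ b/src/api.js
-const apiKey = "old-hardcoded-value-123";
+const apiKey = "sk_live_EXAMPLE_PLACEHOLDER_0000";
+document.getElementById("out").innerHTML = userInput;
+document.getElementById("out").textContent = userInput;
+res.status(500).send(err.stack);
+const nonce = Math.random().toString(36);
 const ok = true;
"""

if __name__ == "__main__":
    for f in review_diff(SAMPLE_DIFF):
        print(f"[{f.check}] {f.file}: {f.line}")
```

The removed hardcoded key and the `textContent` assignment produce no findings, which is the point: the helper flags what the change introduces, not what it fixes.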