CI/CD Pipeline Hardening
Harden CI/CD: OIDC federation, pinned action SHAs, least-privilege runners, SBOM + signing on release.
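The four controls in that summary are easiest to see side by side. The script below is an added illustration, not code from the Procux playbook or the CISO Security Kit: it embeds two constructed GitHub Actions workflows, a weak one (mutable action tags, `permissions: write-all`, long-lived registry secrets) and a hardened one (commit-SHA pins, a read-only token default, `id-token: write` for OIDC federation, an SBOM step and keyless cosign signing), and runs a small audit over each. The action names (actions/checkout, aws-actions/configure-aws-credentials, anchore/sbom-action, sigstore/cosign-installer) are real, but the commit SHA, the IAM role ARN and the `$IMAGE`/`$DIGEST` variables are placeholders you must replace; the regex audit only checks what a workflow file can show, so runner isolation (ephemeral, single-job runners) still has to be verified on the runner side.

```python
import re

# Constructed weak workflow for illustration (not from the page or the playbook).
WEAK_WORKFLOW = """\
name: release
on: [push]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@master
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASS }}
"""

# Placeholder commit SHA (assumption): pin each action to the real commit behind the tag you audit.
PIN = "a1b2c3d4e5f60718293a4b5c6d7e8f9012345678"

# Constructed hardened workflow: SHA pins, read-only token default, OIDC, SBOM + signing on release.
HARDENED_WORKFLOW = f"""\
name: release
on:
  push:
    tags: ['v*']
permissions:
  contents: read            # read-only default for every job
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write       # lets the job mint a short-lived OIDC token instead of using a stored secret
      packages: write
    steps:
      - uses: actions/checkout@{PIN}                      # placeholder SHA
      - uses: aws-actions/configure-aws-credentials@{PIN}  # placeholder SHA
        with:
          role-to-assume: arn:aws:iam::123456789012:role/ci-release  # assumed ARN
          aws-region: us-east-1
      - uses: anchore/sbom-action@{PIN}                   # placeholder SHA; emits an SBOM for the build
      - uses: sigstore/cosign-installer@{PIN}             # placeholder SHA
      - run: cosign sign --yes "$IMAGE@$DIGEST"           # keyless signing backed by the job's OIDC token
"""

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")


def is_pinned_to_sha(ref):
    """True when an action reference ends in a full 40-hex commit SHA."""
    _, _, version = ref.rpartition("@")
    return bool(SHA_RE.match(version))


def audit_workflow(text):
    """Return a list of findings for the pinning, permissions and OIDC controls."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local or image refs have no upstream commit to pin
        if "@" not in ref:
            findings.append(f"line {n}: '{ref}' has no version ref at all")
        elif not is_pinned_to_sha(ref):
            findings.append(f"line {n}: '{ref}' uses a mutable ref, not a commit SHA")
    # Token scope: write-all is the worst case; no block at all inherits the repo default.
    if re.search(r"^permissions:[ \t]*write-all[ \t]*$", text, re.M):
        findings.append("top-level 'permissions: write-all' grants every scope; set a read-only default")
    elif not re.search(r"^permissions:", text, re.M):
        findings.append("no top-level 'permissions:' block; GITHUB_TOKEN falls back to the repository default")
    # Long-lived secrets without an OIDC token suggest static cloud/registry credentials.
    secrets = sorted(set(SECRET_RE.findall(text)) - {"GITHUB_TOKEN"})
    if secrets and not re.search(r"^\s*id-token:\s*write", text, re.M):
        findings.append(f"long-lived secrets {secrets} used without 'id-token: write' (no OIDC federation)")
    return findings


if __name__ == "__main__":
    for name, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"== {name} ==")
        for f in audit_workflow(wf) or ["no findings"]:
            print(" -", f)
```

Running it prints four findings for the weak workflow (two unpinned actions, `write-all`, static secrets without OIDC) and none for the hardened one. The check is deliberately line-based so it needs no YAML parser and can run as a pre-merge gate on `.github/workflows/*.yml`; a SHA pin is only as good as the review of the commit it points at, so pair it with a tool that keeps the `# tag` comment in sync with the pin.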
What this skill does
CI/CD Pipeline Hardening is a versioned playbook inside the CISO Security Kit. It runs on the AI CISO or AI CTO agent through the Procux skill runtime, producing structured, auditable output suitable for executive review and regulator submission.
- Kit: CISO Security Kit
- Category: Supply Chain
- Primary agent(s): AI CISO, AI CTO
- Tags: supply-chain, ci-cd, oidc, hardening
How to use it
- Sign in to your Procux workspace and open the platform dashboard.
- Pick the AI CISO (or AI CTO) agent, then pick CI/CD Pipeline Hardening from the CISO Security Kit catalog.
- Provide the required inputs (repo, document, endpoint, jurisdiction) — the agent runs the playbook and returns a structured report.
- Review, iterate, or export (PDF / JSON / Markdown) as part of your internal review cycle.
Related skills
- Container Image Scanning: Trivy / Grype / Snyk scanning and base-image hygiene; CVE triage workflow gated at build and admission.
- SBOM Generation & Analysis: CycloneDX / SPDX SBOM generation, consumption, and exploitability triage aligned with NTIA minimum elements.
- Secrets Scanning in Git History: TruffleHog / Gitleaks / detect-secrets pipeline across branches and history with revocation and rotation playbook.