cisco/software-security

A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.

82%

Overall

Review — 82%

Quality of skill definitions

Evaluation

Agent success when using this tile

{
  "context": "Tests whether agent applies K8s security hardening: non-root, drop ALL capabilities, read-only root filesystem, and default-deny network policies.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Non-root user",
      "description": "Pod spec includes runAsNonRoot: true or specifies a non-root runAsUser (UID > 0)",
      "max_score": 20
    },
    {
      "name": "Drop ALL capabilities",
      "description": "Security context includes drop: ['ALL'] or drop: [ALL] (drops all Linux capabilities, not just some)",
      "max_score": 25
    },
    {
      "name": "Read-only root filesystem",
      "description": "Security context includes readOnlyRootFilesystem: true",
      "max_score": 20
    },
    {
      "name": "Default-deny network policy",
      "description": "Includes a NetworkPolicy resource that implements default-deny for ingress (policyTypes includes Ingress with empty or no ingress rules as default)",
      "max_score": 25
    },
    {
      "name": "Resource limits set",
      "description": "Container spec includes resource limits (cpu and/or memory)",
      "max_score": 10
    }
  ]
}