A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
{
  "context": "Tests whether the agent avoids 0.0.0.0/0 on management and database ports, enforces IMDSv2, writes least-privilege IAM policies without wildcard actions, and marks sensitive values.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "No open SSH access",
      "description": "Security group for SSH (port 22) does NOT allow 0.0.0.0/0 as source; it uses a restricted CIDR or references a specific source security group",
      "max_score": 25
    },
    {
      "name": "No public database",
      "description": "Database instance and its security group do NOT allow ingress from 0.0.0.0/0, and the database is not publicly accessible",
      "max_score": 25
    },
    {
      "name": "IMDSv2 enforced",
      "description": "EC2 instance metadata options set http_tokens to 'required' (enforces IMDSv2; 'optional' still permits IMDSv1)",
      "max_score": 20
    },
    {
      "name": "No IAM wildcard actions",
      "description": "IAM policy does not use '*' for actions (no 'Action: *'); it lists specific service actions instead",
      "max_score": 20
    },
    {
      "name": "Sensitive values marked",
      "description": "Database password or other secrets use Terraform sensitive = true or are sourced from a secrets manager",
      "max_score": 10
    }
  ]
}

tessl i cisco/software-security@1.2.2
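The configuration the five items describe, as an added example that is not part of the cisco/software-security skill or this eval scenario. It assumes the default VPC and placeholder names (ami_id, admin_cidr set to the TEST-NET-3 range 203.0.113.0/24, the ssh/app/db security groups, the app/db-password secret); none of these come from the page, and the failing form of each setting is named in the comment beside the passing one.

```hcl
# Added example, not code from the cisco/software-security skill or its eval scenarios:
# one Terraform configuration that passes all five checklist items. Every name below is
# an assumed placeholder; it uses the default VPC, so only the AMI needs supplying.
variable "ami_id" { type = string }

variable "admin_cidr" {
  type    = string
  default = "203.0.113.0/24" # bastion/VPN range (TEST-NET-3 placeholder), never 0.0.0.0/0
}

# Item 5: marked sensitive, so plan/apply output and state diffs redact the value.
variable "db_password" {
  type      = string
  sensitive = true
}

# Item 1: SSH only from the admin range. cidr_blocks = ["0.0.0.0/0"] fails the check.
resource "aws_security_group" "ssh" {
  name = "ssh-admin"
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
}

resource "aws_security_group" "app" { # app tier; egress rules omitted, the checks target ingress
  name = "app"
}

# Item 2: the DB port admits only the app tier's security group, so no CIDR
# (let alone 0.0.0.0/0) appears on port 5432 at all.
resource "aws_security_group" "db" {
  name = "db"
  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}

resource "aws_db_instance" "main" {
  engine                 = "postgres"
  instance_class         = "db.t3.micro"
  allocated_storage      = 20
  username               = "app"
  password               = var.db_password
  vpc_security_group_ids = [aws_security_group.db.id]
  publicly_accessible    = false # item 2: true would give the DB a public endpoint
}

# Item 5, the other accepted form: keep the password in Secrets Manager (value written
# out of band) and let the instance role below read this one secret and nothing else.
resource "aws_secretsmanager_secret" "db" {
  name = "app/db-password"
}

resource "aws_iam_role" "app" {
  name = "app-instance"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "ec2.amazonaws.com" } }]
  })
}
# Item 4: one named action on one named resource. Action = "*" (or a service
# wildcard such as "secretsmanager:*") fails the check.
resource "aws_iam_role_policy" "app" {
  name = "app-read-secret"
  role = aws_iam_role.app.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["secretsmanager:GetSecretValue"]
      Resource = aws_secretsmanager_secret.db.arn
    }]
  })
}
resource "aws_iam_instance_profile" "app" {
  name = "app-instance"
  role = aws_iam_role.app.name
}

# Item 3: IMDSv2 only. http_tokens = "optional" leaves IMDSv1 reachable, the path
# an SSRF bug takes to read the instance role's credentials.
resource "aws_instance" "app" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  vpc_security_group_ids = [aws_security_group.app.id, aws_security_group.ssh.id]
  iam_instance_profile   = aws_iam_instance_profile.app.name
  metadata_options {
    http_tokens                 = "required"
    http_put_response_hop_limit = 1 # the token reply does not survive an extra hop, e.g. a bridged container
  }
}
```

Two points the checklist wording leaves implicit and the example makes explicit: the DB security group carries no cidr_blocks at all (a source security group is the stronger form of "restricted source"), and the IAM statement pins Resource to one ARN as well as Action to one verb, since "no Action: *" alone still allows secretsmanager:GetSecretValue on every secret in the account.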