Can it detect hardcoded credentials and API keys?

Yes, it provides specific rules and tool configurations for secrets scanning to identify hardcoded passwords, tokens, and other sensitive information before they are committed.

What tools does this DevSecOps skill support?

It provides configuration patterns for popular security tools including Semgrep, CodeQL, SonarQube, OWASP ZAP, Snyk, and Gitleaks.

Does it support automated deployment blocking?

Yes, it includes logic for security gates that can automatically fail CI/CD builds if specific vulnerability thresholds (e.g., Critical or High) are exceeded.

How does it help with shift-left security?

It provides actionable patterns for integrating security checks early in the development cycle, such as pre-commit hooks and build-time static analysis.

DevSecOps Practices

Name: DevSecOps Practices
Author: melodic-software

bymelodic-software

•

Security & Testing

Integrates automated security scanning, vulnerability management, and shift-left principles directly into your software development lifecycle.

This skill provides comprehensive guidance and implementation patterns for embedding security across all stages of the software development lifecycle (SDLC). It enables developers to implement shift-left security practices through automated SAST, DAST, and SCA tool configurations while establishing robust security gates within CI/CD pipelines. By leveraging industry-standard tools like Semgrep, OWASP ZAP, and CodeQL, the skill helps teams automate vulnerability management, detect hardcoded secrets, and maintain compliance with security maturity levels, ultimately fostering a culture of security as code.

Key Features

01Dynamic security testing (DAST) configurations using OWASP ZAP and Docker

02Secrets detection and license compliance workflows to prevent data leaks

03Comprehensive DevSecOps maturity level mapping and implementation guidance

0412 GitHub stars

05Automated SAST and SCA integration patterns for Semgrep, CodeQL, and SonarQube

06Customizable security gate thresholds to enforce build-time security standards

Use Cases

01Establishing automated security gates that block deployments based on vulnerability severity

02Building a secure CI/CD pipeline with automated vulnerability scanning and reporting

03Configuring pre-commit hooks to prevent hardcoded secrets from entering source control

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add melodic-software/claude-code-plugins devsecops-practices

For use in Claude.ai and ChatGPT

Download Skill