Do I need to manually trigger scans?

No, the workflows are pre-configured to trigger automatically on every Pull Request and push to the main branch for continuous security.

What scanners are included in these workflows?

The workflows include CodeQL for static analysis (SAST), Trivy for container image scanning, and specialized tools for dependency vulnerability detection.

How are the security results visualized?

All scanning results are uploaded via SARIF format to the GitHub Security tab, providing a centralized dashboard for tracking and managing vulnerabilities.

Are these workflows secure by design?

Yes, the templates utilize SHA-pinned actions to prevent supply chain attacks and use minimal GITHUB_TOKEN permissions (security-events: write).

Can I block PRs based on security findings?

Absolutely. The workflows include security gates that can be configured to block merges when critical or high-severity vulnerabilities are detected.

Security Scanning Workflows

Name: Security Scanning Workflows
Author: adaptive-enforcement-lab

byadaptive-enforcement-lab

Security & Testing

Automates comprehensive security scanning by integrating SAST, dependency checks, and container vulnerability detection into CI/CD pipelines.

About

This skill provides production-ready GitHub Actions templates for implementing a robust 'shift-left' security strategy. It simplifies the setup of complex security workflows, including CodeQL static analysis, Trivy container scanning, and dependency auditing. By leveraging SARIF uploads to the GitHub Security tab and implementing automated security gates, it ensures that vulnerabilities are identified and remediated before they reach production, all while adhering to security best practices like SHA-pinned actions and minimal GITHUB_TOKEN permissions.

Key Features

Dependency vulnerability scanning with automated severity-based merge gates
Standardized SARIF result uploading to the GitHub Security dashboard
Hardened configurations using SHA-pinned actions and minimal permissions
0 GitHub stars
SAST integration using CodeQL for deep code-level vulnerability detection
Container image security scanning via Trivy for infrastructure protection

Use Cases

Standardizing security compliance across multiple microservices with uniform scanning patterns.
Implementing a complete DevSecOps pipeline for new or existing GitHub repositories.
Preventing insecure code or vulnerable dependencies from reaching production via automated merge gates.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptive-enforcement-lab/claude-skills security-scanning-workflows

For use in Claude.ai and ChatGPT

Download Skill

GitHub