gha-workflow-hardening
Community
Hardens GitHub Actions with least privilege.
Software Engineering: #permissions #github-actions #least-privilege #workflow-security #ci-cd-security #action-pinning
Author: askaret
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
GitHub Actions workflows often run with broad permissions and risky patterns. This skill provides a structured approach to harden workflows, reduce the attack surface, and enforce least privilege across CI/CD pipelines.
Core Features & Use Cases
- Pin third-party actions to fixed SHAs and restrict untrusted actions to minimize supply chain risk.
- Enforce per-job minimal permissions, safe triggers, and clear review processes during workflow design and deployment.
- Provide a practical framework to audit and harden workflows in existing repositories and new projects.
Quick Start
Configure a hardened workflow by pinning actions, restricting permissions, and enabling least-privilege defaults.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: gha-workflow-hardening
Download link: https://github.com/askaret/codex-skills/archive/main.zip#gha-workflow-hardening
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.