
Audit history

devops-deployment - 6 audits

Audit version 6

Latest: Medium risk

Jun 28, 2026, 09:54 AM

Static analysis flagged many command, network, secret, and weak-crypto patterns, including one critical combined-behavior heuristic. Review found no prompt injection, malicious exfiltration, or hidden executable code; most high-severity scanner hits are deployment-template placeholders or false positives. The skill should publish with a medium-risk warning because copyable templates include default development credentials, mutable image references, and production-facing network scaffolding.

Files scanned: 9
Lines analyzed: 723
Findings: 8
Auditor: codex

Medium-risk issues (2)
Copyable Default Database Credentials
The Docker Compose template includes a development DATABASE_URL with postgres:postgres and a POSTGRES_PASSWORD value of postgres. This is a true positive for sensitive configuration risk if users copy the template into shared or production environments, although the file labels it as development-only.
Unpinned Deployment Artifacts
Kubernetes and Helm templates use latest image tags, and the ArgoCD template tracks HEAD. These mutable references can make deployments non-reproducible and can weaken supply-chain controls when copied into production.
Low-risk issues (3)
Static External Command Matches Are Mostly Template Context
The SKILL.md backtick findings are markdown formatting and template references, not Ruby or shell backtick execution. Real command examples exist in Dockerfile and GitHub Actions templates, but they are expected build, test, scan, and deployment commands for a DevOps skill.
Weak Cryptography Scanner Matches Not Confirmed
The weak-cryptography alerts at SKILL.md, terraform, and ArgoCD locations were not semantically confirmed. The reviewed lines contain descriptions, markdown references, Terraform sizing values, or the ArgoCD targetRevision value HEAD, not MD5, SHA1, DES, or similar weak crypto use.
Network Exposure Requires User Review
The templates define local port mappings, public subnets, and ingress hostnames. These are ordinary deployment examples, but users must restrict access and replace placeholders before production deployment.

Detected patterns

Credential And Secret References In Templates
Build And CI Shell Commands
No Prompt Injection Attempt Found
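The two medium-risk findings above (a development DATABASE_URL and POSTGRES_PASSWORD set to the default postgres credentials, and image references on a latest tag or an ArgoCD targetRevision of HEAD) are exactly the patterns a user should check for before a copied template leaves a laptop. The script below is an added example, not code from the skill or from either auditor: it lints template text for mutable image and revision references and for well-known default credentials, and it is run here against constructed samples that mirror the described patterns rather than against the skill's actual files. The default-password list, the FAKE_DIGEST placeholder, and the hardened template are all assumptions made for the example.

```python
"""Lint copied deployment templates for two medium-risk patterns: copyable default
credentials and mutable image / revision references.
Added example; the sample templates below are constructed, not the skill's files."""
import re
from typing import List, Tuple

# Values that only ever belong in a throwaway local environment (assumed list).
DEFAULT_PASSWORDS = {"postgres", "password", "changeme", "admin", "root", "secret"}
# Git refs that move; a release tag or commit SHA is what a production app should track.
MUTABLE_REVISIONS = {"HEAD", "main", "master"}

IMAGE_RE = re.compile(r"^\s*(?:-\s*)?image:\s*['\"]?([^\s'\"#]+)", re.M)
REVISION_RE = re.compile(r"^\s*targetRevision:\s*['\"]?([^\s'\"#]+)", re.M)
PASSWORD_ENV_RE = re.compile(r"^\s*(\w*PASSWORD\w*):\s*['\"]?([^\s'\"#]*)", re.M)
# scheme://user:password@host, as found in a DATABASE_URL connection string.
DB_URL_RE = re.compile(r"(\w+)://([^:/@\s]+):([^@\s]+)@")


def classify_image(ref: str) -> str:
    """'pinned' (digest), 'tag' (named tag), 'latest', or 'implicit-latest' (no tag)."""
    if "@sha256:" in ref:
        return "pinned"
    # The tag separator is the colon after the last slash; a registry port such as
    # localhost:5000/app sits before that slash and must not be mistaken for a tag.
    name = ref.rsplit("/", 1)[-1]
    if ":" not in name:
        return "implicit-latest"
    tag = name.split(":", 1)[1]
    return "latest" if tag == "latest" else "tag"


def find_mutable_images(text: str) -> List[Tuple[str, str]]:
    """Image references that resolve to whatever 'latest' currently points at."""
    hits = []
    for ref in IMAGE_RE.findall(text):
        kind = classify_image(ref)
        if kind in ("latest", "implicit-latest"):
            hits.append((ref, kind))
    return hits


def find_mutable_revisions(text: str) -> List[str]:
    """ArgoCD targetRevision values that follow a moving branch or HEAD."""
    return [rev for rev in REVISION_RE.findall(text) if rev in MUTABLE_REVISIONS]


def find_default_credentials(text: str) -> List[Tuple[str, str]]:
    """(variable, value) pairs that carry a well-known default password."""
    hits = []
    for key, value in PASSWORD_ENV_RE.findall(text):
        if value.lower() in DEFAULT_PASSWORDS:
            hits.append((key, value))
    for _scheme, user, password in DB_URL_RE.findall(text):
        # user == password (postgres:postgres) is the classic development default.
        if password.lower() in DEFAULT_PASSWORDS or password == user:
            hits.append(("connection-url", f"{user}:{password}"))
    return hits


def lint(text: str) -> List[str]:
    """Human-readable findings; an empty list means the template passed."""
    findings = []
    for ref, kind in find_mutable_images(text):
        findings.append(f"mutable image reference ({kind}): {ref}")
    for rev in find_mutable_revisions(text):
        findings.append(f"mutable targetRevision: {rev}")
    for key, value in find_default_credentials(text):
        findings.append(f"default credential in {key}: {value}")
    return findings


# Constructed samples mirroring the audit's findings; FAKE_DIGEST is a placeholder,
# not a real image digest.
FAKE_DIGEST = "0" * 64
COMPOSE_DEV = """\
services:
  db:
    image: postgres:16
    environment:
      POSTGRES_PASSWORD: postgres
  app:
    image: ghcr.io/example/app:latest
    environment:
      DATABASE_URL: postgres://postgres:postgres@db:5432/app
"""
K8S_DEV = f"""\
containers:
  - name: app
    image: ghcr.io/example/app:latest
  - name: init
    image: busybox
  - name: sidecar
    image: ghcr.io/example/sidecar@sha256:{FAKE_DIGEST}
"""
ARGOCD_DEV = """\
source:
  repoURL: https://github.com/example/app.git
  targetRevision: HEAD
"""
# The same Compose and ArgoCD fragments with digests, a file-based secret and a release tag.
HARDENED = f"""\
services:
  db:
    image: postgres@sha256:{FAKE_DIGEST}
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
  app:
    image: ghcr.io/example/app@sha256:{FAKE_DIGEST}
    environment:
      DATABASE_URL_FILE: /run/secrets/database_url
source:
  targetRevision: v1.4.2
"""

if __name__ == "__main__":
    for label, doc in [("compose", COMPOSE_DEV), ("k8s", K8S_DEV),
                       ("argocd", ARGOCD_DEV), ("hardened", HARDENED)]:
        print(label, lint(doc) or "clean")
```

The lint deliberately reports a named tag such as postgres:16 as "tag" rather than flagging it: tags can be re-pointed by a registry owner, so a digest is the only immutable reference, but a named tag is at least reproducible in practice and is not what the audit calls out. Run the script on the files the skill generates after substituting placeholders, and treat any non-empty result as a blocker before the template reaches a shared or production environment.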

Audit version 5

Safe

Jan 16, 2026, 04:34 PM

This skill contains only declarative YAML and Terraform configuration templates for DevOps workflows. The static scanner flagged 66 potential issues, but ALL are false positives. The scanner misidentified markdown code formatting as shell execution, template placeholders as hardcoded secrets, and standard DevOps practices as security risks. Templates use proper security patterns including Kubernetes secrets references and GitHub Actions secrets injection.

Files scanned: 10
Lines analyzed: 953
Findings: 3
Auditor: claude

No security issues found

Audit version 4

Safe

Jan 16, 2026, 04:34 PM

This skill contains only declarative YAML and Terraform configuration templates for DevOps workflows. The static scanner flagged 66 potential issues, but ALL are false positives. The scanner misidentified markdown code formatting as shell execution, template placeholders as hardcoded secrets, and standard DevOps practices as security risks. Templates use proper security patterns including Kubernetes secrets references and GitHub Actions secrets injection.

Files scanned: 10
Lines analyzed: 953
Findings: 3
Auditor: claude

No security issues found

Audit version 3

Safe

Jan 10, 2026, 10:34 AM

This skill contains only declarative YAML/JSON configuration templates for DevOps workflows. No executable code, network calls, or file system access capabilities. All templates are standard infrastructure definitions (Dockerfile, Kubernetes manifests, GitHub Actions, Terraform) that match the stated purpose.

Files scanned: 9
Lines analyzed: 723
Findings: 0
Auditor: claude

No security issues found

Audit version 2

Safe

Jan 10, 2026, 10:34 AM

This skill contains only declarative YAML/JSON configuration templates for DevOps workflows. No executable code, network calls, or file system access capabilities. All templates are standard infrastructure definitions (Dockerfile, Kubernetes manifests, GitHub Actions, Terraform) that match the stated purpose.

Files scanned: 9
Lines analyzed: 723
Findings: 0
Auditor: claude

No security issues found

Audit version 1

Safe

Jan 10, 2026, 10:34 AM

This skill contains only declarative YAML/JSON configuration templates for DevOps workflows. No executable code, network calls, or file system access capabilities. All templates are standard infrastructure definitions (Dockerfile, Kubernetes manifests, GitHub Actions, Terraform) that match the stated purpose.

Files scanned: 9
Lines analyzed: 723
Findings: 0
Auditor: claude

No security issues found