microsoft · JasonTheDeveloper · Mar 31, 2026 · Mar 31, 2026 · Mar 31, 2026 · Mar 31, 2026
@@ -355,7 +355,7 @@ Users are responsible for verifying their repository's `.gitignore` configuratio
 
 **Subagents:** Codebase Profiler, Skill Assessor, Finding Deep Verifier, Report Generator
 
-**Critical:** Orchestrator-only pattern. Delegates codebase profiling, skill assessment, adversarial finding verification, and report generation to specialized subagents. Uses OWASP skills (`owasp-agentic`, `owasp-llm`, `owasp-top-10`) for vulnerability references. Supports incremental comparison with prior scan reports.
+**Critical:** Orchestrator-only pattern. Delegates codebase profiling, skill assessment, adversarial finding verification, and report generation to specialized subagents. Uses OWASP skills (`owasp-agentic`, `owasp-llm`, `owasp-top-10`, `owasp-cicd`) for vulnerability references. Supports incremental comparison with prior scan reports.
 
 ### code-review-functional
 

@@ -96,7 +96,7 @@ Report path pattern (plan): `.copilot-tracking/security/{{YYYY-MM-DD}}/plan-risk
 
 Sequence number resolution: Determine `{{NNN}}` by listing existing reports in the date directory, extracting the highest sequence number, incrementing by one, and zero-padding to three digits. Start at `001` when no reports exist.
 
-Skill resolution: Read the applicable OWASP skill (e.g., `owasp-top-10`, `owasp-llm`, `owasp-agentic`) to access vulnerability references. Follow the skill's normative reference links to load vulnerability reference documents.
+Skill resolution: Read the applicable OWASP skill (e.g., `owasp-top-10`, `owasp-llm`, `owasp-agentic`, `owasp-cicd`) to access vulnerability references. Follow the skill's normative reference links to load vulnerability reference documents.
 
 ### Subagents
 
@@ -112,6 +112,7 @@ Skill resolution: Read the applicable OWASP skill (e.g., `owasp-top-10`, `owasp-
 * owasp-agentic
 * owasp-llm
 * owasp-top-10
+* owasp-cicd
 
 ## Subagent Prompt Templates
 

@@ -31,7 +31,7 @@ Scan the repository to identify its technology stack and determine which OWASP s
 
 ## Constants
 
-Skill resolution: Read the applicable OWASP skill by name (e.g., `owasp-top-10`, `owasp-llm`, `owasp-agentic`).
+Skill resolution: Read the applicable OWASP skill by name (e.g., `owasp-top-10`, `owasp-llm`, `owasp-agentic`, `owasp-cicd`).
 
 ### Technology Signals
 
@@ -51,6 +51,14 @@ owasp-top-10:
   - "REST API endpoints"
   - "Server-side templates"
   - "Web framework config (Express, Django, Flask, Rails, Spring)"
+owasp-cicd:
+  - "CI/CD pipeline definitions"
+  - "Build scripts"
+  - "Deployment configurations"
+  - ".github/workflows/"
+  - "Jenkinsfile"
+  - ".gitlab-ci.yml"
+  - "azure-pipelines.yml"
 ```
 
 ## Codebase Profile Format

@@ -31,7 +31,7 @@ Perform deep adversarial verification of all FAIL and PARTIAL findings for a sin
 
 ## Constants
 
-Skill resolution: Read the applicable OWASP skill by name (e.g., `owasp-top-10`, `owasp-llm`, `owasp-agentic`). Follow the skill's normative reference links to access vulnerability references.
+Skill resolution: Read the applicable OWASP skill by name (e.g., `owasp-top-10`, `owasp-llm`, `owasp-agentic`, `owasp-cicd`). Follow the skill's normative reference links to access vulnerability references.
 
 Verdict values: CONFIRMED, DISPROVED, DOWNGRADED.
 

@@ -30,7 +30,7 @@ Assess exactly one OWASP skill per invocation. Read all vulnerability references
 
 ## Constants
 
-Skill resolution: Read the applicable OWASP skill by name (e.g., `owasp-top-10`, `owasp-llm`, `owasp-agentic`). Follow the skill's normative reference links to access the vulnerability index and individual vulnerability references.
+Skill resolution: Read the applicable OWASP skill by name (e.g., `owasp-top-10`, `owasp-llm`, `owasp-agentic`, `owasp-cicd`). Follow the skill's normative reference links to access the vulnerability index and individual vulnerability references.
 
 ### Status Values
 

@@ -2,7 +2,7 @@
 name: security-review
 agent: Security Reviewer
 description: "Runs an OWASP vulnerability assessment against the current codebase - Brought to you by microsoft/hve-core"
-argument-hint: "[scope=path/to/dir] [mode={audit|diff|plan}] [targetSkill={owasp-top-10|owasp-llm|owasp-agentic}]"
+argument-hint: "[scope=path/to/dir] [mode={audit|diff|plan}] [targetSkill={owasp-top-10|owasp-llm|owasp-agentic|owasp-cicd}]"
 ---
 
 # Vulnerability Scan
@@ -13,7 +13,7 @@ argument-hint: "[scope=path/to/dir] [mode={audit|diff|plan}] [targetSkill={owasp
 ## Inputs
 
 * ${input:mode:audit}: (Optional, defaults to audit) Scanning mode: `audit`, `diff`, or `plan`.
-* ${input:targetSkill}: (Optional) Single OWASP skill to assess. Bypasses codebase profiling when provided. Available skills: `owasp-agentic`, `owasp-llm`, `owasp-top-10`.
+* ${input:targetSkill}: (Optional) Single OWASP skill to assess. Bypasses codebase profiling when provided. Available skills: `owasp-agentic`, `owasp-llm`, `owasp-top-10`, `owasp-cicd`.
 * ${input:scope}: (Optional) Specific directories or paths to focus on. When omitted, assesses the full codebase.
 * ${input:plan}: (Optional) Implementation plan document path. Inferred from attached files or conversation context when not provided.
 

@@ -0,0 +1,45 @@
+---
+name: owasp-cicd
+description: OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments - Brought to you by microsoft/hve-core.
+license: CC-BY-SA-4.0
+user-invocable: false
+metadata:
+  authors: "OWASP CI/CD Security Project"
+  spec_version: "1.0"
+  framework_revision: "1.0.0"
+  last_updated: "2026-02-16"
+  skill_based_on: "https://github.com/chris-buckley/agnostic-prompt-standard"
+  content_based_on: "https://owasp.org/www-project-top-10-ci-cd-security-risks/"
+---
+
+# OWASP CI/CD Top 10 — Skill Entry
+
+This `SKILL.md` is the **entrypoint** for the OWASP CI/CD Top 10 skill.
+
+The skill encodes the **OWASP Top 10 CI/CD Security Risks** as structured, machine-readable references
+that an agent can query to identify, assess, and remediate CI/CD pipeline security risks.
+
+## Normative references (CI/CD Top 10)
+
+1. [00 Vulnerability Index](references/00-vulnerability-index.md)
+2. [01 Insufficient Flow Control Mechanisms](references/01-insufficient-flow-control-mechanisms.md)
+3. [02 Inadequate Identity and Access Management](references/02-inadequate-identity-access-management.md)
+4. [03 Dependency Chain Abuse](references/03-dependency-chain-abuse.md)
+5. [04 Poisoned Pipeline Execution](references/04-poisoned-pipeline-execution.md)
+6. [05 Insufficient PBAC](references/05-insufficient-pbac.md)
+7. [06 Insufficient Credential Hygiene](references/06-insufficient-credential-hygiene.md)
+8. [07 Insecure System Configuration](references/07-insecure-system-configuration.md)
+9. [08 Ungoverned Usage of 3rd Party Services](references/08-ungoverned-usage-of-3rd-party-services.md)
+10. [09 Improper Artifact Integrity Validation](references/09-improper-artifact-integrity-validation.md)
+11. [10 Insufficient Logging and Visibility](references/10-insufficient-logging-visibility.md)
+
+## Skill layout
+
+* `SKILL.md` — this file (skill entrypoint).
+* `references/` — the CI/CD Top 10 normative documents.
+  * `00-vulnerability-index.md` — index of all vulnerability identifiers, categories, and cross-references.
+  * `01` through `10` — one document per vulnerability aligned with OWASP CI/CD Security numbering.
+
+---
+
+*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -0,0 +1,82 @@
+---
+title: 'OWASP CI/CD Top 10 Vulnerability Index'
+description: Index of OWASP Top 10 CI/CD Security Risks (2025) vulnerability identifiers, categories, and cross-references
+---
+
+# 00 Vulnerability Index
+
+This document provides the index for the OWASP CI/CD Security Top 10 vulnerabilities.
+Each entry includes its identifier, title, and primary category.
+
+## Vulnerability catalog
+
+| ID | Title | Category |
+|---|---|---|
+| CICD-SEC-1:2025 | Insufficient Flow Control Mechanisms | Flow Control |
+| CICD-SEC-2:2025 | Inadequate Identity and Access Management | Identity Management |
+| CICD-SEC-3:2025 | Dependency Chain Abuse | Supply Chain |
+| CICD-SEC-4:2025 | Poisoned Pipeline Execution | Pipeline Security |
+| CICD-SEC-5:2025 | Insufficient PBAC | Access Controls |
+| CICD-SEC-6:2025 | Insufficient Credential Hygiene | Credential Management |
+| CICD-SEC-7:2025 | Insecure System Configuration | Configuration Management |
+| CICD-SEC-8:2025 | Ungoverned Usage of 3rd Party Services | Third-Party Governance |
+| CICD-SEC-9:2025 | Improper Artifact Integrity Validation | Artifact Integrity |
+| CICD-SEC-10:2025 | Insufficient Logging and Visibility | Logging and Visibility |
+
+## Cross-reference matrix
+
+Each vulnerability document follows a consistent structure:
+
+1. Description — what the vulnerability is and how it manifests in CI/CD environments.
+2. Risk — concrete consequences of exploitation and business impact.
+3. Vulnerability checklist — indicators that the environment is exposed.
+4. Prevention controls — defensive measures and rectification steps.
+5. Example attack scenarios — realistic exploitation narratives.
+6. Detection guidance — signals and methods to identify exposure.
+7. Remediation — immediate and long-term actions to contain and resolve.
+
+## Category groupings
+
+### Flow Control
+
+* CICD-SEC-1:2025 Insufficient Flow Control Mechanisms
+
+### Identity Management
+
+* CICD-SEC-2:2025 Inadequate Identity and Access Management
+
+### Supply Chain
+
+* CICD-SEC-3:2025 Dependency Chain Abuse
+
+### Pipeline Security
+
+* CICD-SEC-4:2025 Poisoned Pipeline Execution
+
+### Access Controls
+
+* CICD-SEC-5:2025 Insufficient PBAC
+
+### Credential Management
+
+* CICD-SEC-6:2025 Insufficient Credential Hygiene
+
+### Configuration Management
+
+* CICD-SEC-7:2025 Insecure System Configuration
+
+### Third-Party Governance
+
+* CICD-SEC-8:2025 Ungoverned Usage of 3rd Party Services
+
+### Artifact Integrity
+
+* CICD-SEC-9:2025 Improper Artifact Integrity Validation
+
+### Logging and Visibility
+
+* CICD-SEC-10:2025 Insufficient Logging and Visibility
+
+---
+
+*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*
@@ -0,0 +1,103 @@
+---
+title: 'CICD-SEC-1: Insufficient Flow Control Mechanisms'
+description: OWASP CI/CD Top 10 reference for insufficient flow control vulnerabilities including unauthorized code changes and deployment bypass
+---
+
+# 01 Insufficient Flow Control Mechanisms
+
+Identifier: CICD-SEC-1:2025
+Category: Flow Control
+
+## Description
+
+Insufficient flow control mechanisms refer to the ability of an attacker that has obtained permissions
+to a system within the CI/CD process (SCM, CI, artifact repository) to single-handedly push malicious
+code or artifacts down the pipeline, due to a lack of mechanisms that enforce additional approval or
+review.
+
+CI/CD flows are designed for speed. New code can be created on a developer's machine and reach
+production within minutes, often with full reliance on automation and minimal human involvement.
+Since CI/CD processes are the highway to highly gated and secured production environments,
+organizations must introduce measures and controls to ensure that no single entity (human or
+application) can push code or artifacts through the pipeline without undergoing a strict set of
+reviews and approvals.
+
+## Risk
+
+* An attacker with access to the SCM, CI, or downstream systems can deploy malicious artifacts
+  potentially all the way to production without any approval or review.
+* Pushing code to a repository branch that is automatically deployed through the pipeline to
+  production.
+* Abusing auto-merge rules that automatically merge pull requests meeting a predefined set of
+  requirements, pushing malicious unreviewed code.
+* Abusing insufficient branch protection rules, such as excluding specific users or branches, to
+  bypass protections and push malicious unreviewed code.
+* Uploading artifacts to a repository in the guise of a legitimate artifact created by the build
+  environment, which may be picked up by a deploy pipeline and deployed to production.
+* Directly changing application code or infrastructure in production without additional verification.
+
+## Vulnerability checklist
+
+* Repository branches hosting production code lack branch protection rules.
+* Users or branches are excluded from branch protection rules.
+* Auto-merge rules exist that can be bypassed or manipulated.
+* Pipeline triggers do not require additional approval for production deployments.
+* Artifacts uploaded by non-CI service accounts are not blocked or reviewed before flowing through
+  the pipeline.
+* No drift detection exists between code running in production and its CI/CD origin.
+* Single accounts have both push-to-repository and trigger-deployment permissions.
+
+## Prevention controls
+
+1. Configure branch protection rules on branches hosting code used in production and other
+   sensitive systems.
+2. Avoid excluding user accounts or branches from branch protection rules.
+3. Ensure accounts with permission to push unreviewed code do not also have permission to trigger
+   deployment pipelines connected to the repository.
+4. Limit auto-merge rule usage and ensure they apply to the minimal number of contexts.
+5. Review auto-merge rule code thoroughly to prevent bypass and avoid importing third-party code
+   in the auto-merge process.
+6. Prevent accounts from triggering production build and deployment pipelines without additional
+   approval or review.
+7. Allow artifacts to flow through the pipeline only when created by a pre-approved CI service
+   account.
+8. Detect and prevent drifts between code running in production and its CI/CD origin, and modify
+   any resource that contains a drift.
+
+## Example attack scenarios
+
+### Scenario A — Unprotected branch deployment
+
+An attacker gains access to a developer account on the SCM. The main branch lacks branch protection
+rules. The attacker pushes malicious code directly to the main branch, triggering an automated
+pipeline that deploys the code to production without any review or approval gate.
+
+### Scenario B — Auto-merge rule bypass
+
+An organization uses auto-merge rules to merge pull requests that pass automated checks. An attacker
+crafts a pull request that satisfies the auto-merge criteria while containing a malicious payload
+hidden in an overlooked file type. The PR is automatically merged and deployed to production without
+human review.
+
+## Detection guidance
+
+* Audit branch protection rule configurations across all repositories hosting production code.
+* Review auto-merge rule logic and history of auto-merged pull requests for anomalies.
+* Monitor pipeline triggers and correlate them with code review and approval records.
+* Detect configuration drifts between deployed resources and their CI/CD source definitions.
+* Alert on artifacts flowing through deployment pipelines that were not produced by approved CI
+  service accounts.
+
+## Remediation
+
+* Enable and enforce branch protection rules on all branches linked to production deployments.
+* Remove all user and branch exclusions from branch protection rules.
+* Separate push-to-repository and trigger-deployment permissions across distinct accounts.
+* Audit and harden all auto-merge rules, removing those that are overly permissive.
+* Implement artifact provenance validation to ensure only CI-produced artifacts enter deploy
+  pipelines.
+* Deploy drift detection tooling to identify and alert on unauthorized production changes.
+
+---
+
+*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*