From 110f7c3143f5512855d3f60ae8c85f49f8f38ea7 Mon Sep 17 00:00:00 2001 From: askalf <263217947+askalf@users.noreply.github.com> Date: Sat, 11 Jul 2026 19:27:15 -0400 Subject: [PATCH] ci(scorecard): security policy, dependabot, CodeQL, pinned workflows + Scorecard badge --- .github/dependabot.yml | 21 +++++++++++++++++++++ .github/workflows/ci.yml | 12 ++++++++---- .github/workflows/codeql.yml | 34 ++++++++++++++++++++++++++++++++++ README.md | 2 ++ SECURITY.md | 32 ++++++++++++++++++++++++++++++++ 5 files changed, 97 insertions(+), 4 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/codeql.yml create mode 100644 SECURITY.md diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..05a9d14 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,21 @@ +version: 2 +updates: + - package-ecosystem: npm + directory: / + schedule: + interval: weekly + day: monday + open-pull-requests-limit: 5 + + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + day: monday + open-pull-requests-limit: 5 + # one PR per run — split bumps of codeql-action/init vs /analyze create a + # version mismatch that fails the CodeQL workflow + groups: + actions: + patterns: + - "*" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 83dc8c3..6c54524 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,14 +5,18 @@ on: branches: [master] pull_request: +permissions: + contents: read + jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 22 - # full install: the suite deps are git-hosted; the MCP SDK is on npm - - run: npm install --no-audit --no-fund + # npm ci verifies every integrity hash in the committed lockfile — the + # suite deps are git-hosted (pinned there too); the MCP SDK is on npm. + - run: npm ci --no-audit --no-fund - run: npm test diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..1213cec --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,34 @@ +name: CodeQL + +on: + push: + branches: [master] + pull_request: + branches: [master] + schedule: + - cron: '19 6 * * 2' + +permissions: + contents: read + +jobs: + analyze: + name: analyze (${{ matrix.language }}) + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write # upload CodeQL results to code scanning + strategy: + fail-fast: false + matrix: + language: [javascript-typescript] + steps: + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - uses: github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.35.3 + with: + languages: ${{ matrix.language }} + queries: security-and-quality + - uses: github/codeql-action/analyze@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.35.3 + with: + category: "/language:${{ matrix.language }}" diff --git a/README.md b/README.md index d1ed993..a626f66 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # agent-security-stack +[![OpenSSF Scorecard](https://img.shields.io/ossf-scorecard/github.com/askalf/agent-security-stack?label=OpenSSF%20Scorecard)](https://scorecard.dev/viewer/?uri=github.com/askalf/agent-security-stack) + > _**Own your agent security.**_ The open-source agent-security suite — **[redstamp](https://github.com/askalf/redstamp) · [truecopy](https://github.com/askalf/truecopy) · [strongroom](https://github.com/askalf/strongroom)** — three tools that compose into one layered defense for every agent tool call, exposed as one MCP server. Part of **[Own Your Stack](https://github.com/askalf)**. OpenClaw became 2026's first big AI-security disaster three ways at once: one-click **RCE**, a **poisoned skills** marketplace, and ~135k **leaked credentials**. Three failure modes — three small, open-source, zero-dependency tools, composed into one layered defense: diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..b09779c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,32 @@ +# Security Policy + +agent-security-stack composes redstamp, truecopy, and strongroom into one +layered defense exposed as a single MCP server. A vulnerability *here* means a +composition or configuration flaw that weakens the layers — e.g. the combined +MCP server dropping a verdict, mis-wiring a tool's gate, or leaking between +layers. + +## Reporting a vulnerability + +Please **do not open a public issue** for security reports. + +- **Preferred:** [GitHub private vulnerability reporting](https://github.com/askalf/agent-security-stack/security/advisories/new) — creates a private advisory visible only to maintainers. +- **Email:** support@askalf.org with `agent-security-stack security` in the subject. + +You'll get an acknowledgement within 72 hours. Please include a minimal +reproduction where possible. + +## Scope + +- **This repo:** the composition — the combined MCP server, suite wiring, audit + trail plumbing, demo/config defaults that would weaken the stack. +- **The individual tools:** report vulnerabilities in the layers themselves to + their own repos — [redstamp](https://github.com/askalf/redstamp/security/policy) + (runtime firewall), [truecopy](https://github.com/askalf/truecopy/security/policy) + (supply-chain gate), [strongroom](https://github.com/askalf/strongroom/security/policy) + (secrets). Each has its own threat model. + +## Supported versions + +Pre-1.0: only the latest release receives security fixes; there are no +maintenance branches.