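# cc-audit CI Workflow
# Copy this workflow to your project's .github/workflows/ directory.
#
# Supply-chain notes for whoever adopts this file:
#   - The actions below are referenced by floating tags (@v4, @v3). For a
#     stronger guarantee, pin each `uses:` to a full commit SHA
#     (`uses: actions/checkout@<FULL_COMMIT_SHA>  # v4`) and let a
#     dependency-update bot move the pin.
#   - `cargo install cc-audit` resolves to the newest published crate on
#     every run; pin it (`--version <CC_AUDIT_VERSION>`) if you need the
#     audit to be reproducible across runs.
---
name: CC Audit

# `on` is a YAML 1.1 boolean for generic parsers; GitHub's loader reads it
# as the trigger key, so the yamllint truthy warning is suppressed here.
on:  # yamllint disable-line rule:truthy
  push:
    # TODO: list the branches to audit, e.g. `branches: [<DEFAULT_BRANCH>]`.
    # A bare `branches:` is parsed as null, not as an empty list.
    branches:
  pull_request:
    branches:

# Least privilege for GITHUB_TOKEN: the active steps only read the checkout.
# The commented-out SARIF upload further down additionally needs
# `security-events: write` on this job.
permissions:
  contents: read

jobs:
  cc-audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Option 1: Install via cargo (recommended for Rust projects)
      - name: Install cc-audit (cargo)
        run: cargo install cc-audit

      # Option 2: Install via npm (for Node.js projects)
      # - name: Install cc-audit (npm)
      #   run: npm install -g @anthropic/cc-audit

      # Option 3: Download from GitHub Releases
      # The archive is fetched over TLS but its contents are not verified
      # before being moved onto PATH; compare it against the checksum
      # published with the release (and prefer a pinned release tag over
      # `latest`) if you enable this option.
      # - name: Install cc-audit (binary)
      #   run: |
      #     curl -fsSL https://github.com/ryo-ebata/cc-audit/releases/latest/download/cc-audit-x86_64-unknown-linux-gnu.tar.gz | tar xz
      #     sudo mv cc-audit /usr/local/bin/

      # One step per artifact type so a failing type is identifiable in the
      # job log. Exit-code semantics of `--ci` are defined by cc-audit itself;
      # confirm them against the tool's help before relying on step failure.
      - name: Audit Claude Code Skills
        run: cc-audit check --type skill --ci .

      - name: Audit Hooks
        run: cc-audit check --type hook --ci .

      - name: Audit MCP Configurations
        run: cc-audit check --type mcp --ci .

      - name: Audit Custom Commands
        run: cc-audit check --type command --ci .

      - name: Audit Dockerfiles
        run: cc-audit check --type docker --ci .

      - name: Audit Dependencies
        run: cc-audit check --type dependency --ci .

      # Strict mode: fail on any finding
      # - name: Strict Audit
      #   run: cc-audit check --type skill --strict --ci .

      # Generate SARIF report for GitHub Security tab
      # (requires `security-events: write` in the `permissions` block above)
      # - name: Generate SARIF Report
      #   run: cc-audit check --type skill --format sarif -o results.sarif .
      #   continue-on-error: true
      # - name: Upload SARIF to GitHub Security
      #   uses: github/codeql-action/upload-sarif@v3
      #   with:
      #     sarif_file: results.sarif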