feat: K8s + container skills, tests for all skills, example configs #12

Merged: msaad00 merged 1 commit into main from feat/tests-examples-k8s-containers on Apr 9, 2026

@msaad00 msaad00 commented Apr 9, 2026

Summary

New skills

  • k8s-security-benchmark: 10 checks, 14 tests — pod security, RBAC, network policies, secrets, image pinning
  • container-security: 8 checks, 14 tests — Dockerfile best practices, image security, runtime isolation

Tests added for all previously untested skills

  • cspm-aws-cis-benchmark: 16 tests (moto)
  • cspm-gcp-cis-benchmark: 8 tests (mock)
  • cspm-azure-cis-benchmark: 6 tests (mock)
  • vuln-remediation-pipeline: 10 tests

Example configs

Users can run checks immediately without real infrastructure:

  • model-serving: secure + insecure JSON
  • gpu-cluster: secure + insecure JSON
  • k8s: secure cluster JSON
  • container: secure image JSON

README cleanup

Removed agent-bom integration section — cloud-security is standalone.

Total: 10 skills, 159 tests, example configs for 4 skills

Test plan

  • K8s: 14 tests pass
  • Container: 14 tests pass
  • Model serving: 31 tests pass
  • GPU cluster: 31 tests pass
  • Discover: 15 tests pass
  • All lint clean

…configs

New skills:
- k8s-security-benchmark: 10 checks (pod security, RBAC, network policies,
  secrets, image pinning). CIS Kubernetes Benchmark mapped. 14 tests.
- container-security: 8 checks (Dockerfile best practices, image security,
  runtime isolation). CIS Docker Benchmark mapped. 14 tests.

Tests for previously untested skills:
- cspm-aws-cis-benchmark: 16 tests (moto-mocked AWS)
- cspm-gcp-cis-benchmark: 8 tests (mock SDK)
- cspm-azure-cis-benchmark: 6 tests (mock SDK)
- vuln-remediation-pipeline: 10 tests (triage logic)

Example configs (run checks without real infrastructure):
- model-serving-security: secure + insecure examples
- gpu-cluster-security: secure + insecure examples
- k8s-security-benchmark: secure cluster example
- container-security: secure image example

README: removed agent-bom integration section (cloud-security is standalone).
CI: added test jobs for K8s + container skills.
CLAUDE.md: updated skill list.
@msaad00 msaad00 merged commit 5a37664 into main Apr 9, 2026
11 checks passed