secure-by-design
作者: microsoft
安全设计原则知识库,用于评估软件全生命周期中安全优先的设计、开发与部署实践的符合程度。
npx skills add https://github.com/microsoft/hve-core --skill secure-by-designSecure by Design — Skill Entry
This SKILL.md is the entrypoint for the Secure by Design skill.
The skill synthesizes the UK Government Secure by Design Principles (10 principles) and the Australian ASD/ACSC Secure by Design Foundations (6 foundations) into structured, machine-readable references that an agent can query to identify, assess, and improve adherence to secure-by-design practices across the software lifecycle.
Normative references (Secure by Design)
- 00 Principle Index
- 01 Security Governance
- 02 Risk-Driven Approach
- 03 Secure Product Development
- 04 Supply Chain Security
- 05 Usable Security Controls
- 06 Detect and Respond
- 07 Flexible Architecture
- 08 Minimize Attack Surface
- 09 Defense in Depth
- 10 Continuous Assurance
- 11 Secure Deprecation
Skill layout
SKILL.md— this file (skill entrypoint).references/— the Secure by Design normative documents.00-principle-index.md— index of all principle identifiers, categories, source mappings, and cross-references.01through11— one document per synthesized principle area merging UK and AU guidance.
Third-Party Attribution
UK Government Secure by Design Principles
- Copyright: Crown Copyright, UK Government Security Group
- License: Open Government Licence v3.0 (OGL-UK-3.0)
- Source: https://www.security.gov.uk/policy-and-guidance/secure-by-design/principles/
- Modifications: Synthesized into structured principle-checklist format with cross-references; merged with Australian guidance into unified principle areas
- Trademark: Use of UK Government content does not imply endorsement
Australian ASD/ACSC Secure by Design Foundations
- Copyright: © Commonwealth of Australia, Australian Signals Directorate
- License: Creative Commons Attribution 4.0 (CC-BY-4.0)
- Source: https://www.cyber.gov.au/business-government/secure-design/secure-by-design/secure-by-design-foundations
- Modifications: Synthesized into structured principle-checklist format with cross-references; merged with UK guidance into unified principle areas
- Trademark: Use of ASD/ACSC content does not imply endorsement
来自 microsoft 的更多技能
oss-growth
microsoft
OSS增长黑客角色
official
microsoft-foundry
microsoft
端到端部署、评估和管理Foundry代理:Docker构建、ACR推送、托管/提示代理创建、容器启动、批量评估、持续评估、提示优化工作流、agent.yaml、从追踪中整理数据集。用途:将代理部署到Foundry、托管代理、创建代理、调用代理、评估代理、运行批量评估、持续评估、持续监控、持续评估状态、优化提示、改进提示、提示优化器、优化代理指令、改进代理...
officialdevelopmentdevops
azure-ai
microsoft
用于Azure AI:搜索、语音、OpenAI、文档智能。支持搜索、向量/混合搜索、语音转文字、文字转语音、转录、OCR。适用场景:AI搜索、查询搜索、向量搜索、混合搜索、语义搜索、语音转文字、文字转语音、转录、OCR、文字转语音。
officialdevelopmentapi
azure-deploy
microsoft
对已准备好的应用程序执行Azure部署,这些程序需包含现有的.azure/deployment-plan.md和基础设施文件。当用户要求创建新应用程序时,请勿使用此技能——应改用azure-prepare。此技能运行azd up、azd deploy、terraform apply和az deployment命令,并内置错误恢复机制。需要来自azure-prepare的.azure/deployment-plan.md以及来自azure-validate的已验证状态。适用场景:"运行azd up"、"运行azd deploy"、"执行部署"...
officialdevopsaws
azure-storage
microsoft
Azure存储服务,包括Blob存储、文件共享、队列存储、表存储和Data Lake。解答关于存储访问层(热、冷、冷、归档)的问题,说明各层的使用场景及对比。提供对象存储、SMB文件共享、异步消息传递、NoSQL键值存储和大数据分析。包含生命周期管理。用途:Blob存储、文件共享、队列存储、表存储、Data Lake、上传文件、下载Blob、存储账户、访问层等。
officialdevelopmentdatabase
azure-diagnostics
microsoft
使用AppLens、Azure Monitor、资源健康和安全分类调试Azure生产问题。适用场景:调试生产问题、排查应用服务、应用服务CPU过高、应用服务部署失败、排查容器应用、排查函数、排查AKS、kubectl无法连接、kube-system/CoreDNS故障、Pod挂起、CrashLoop、节点未就绪、升级失败、分析日志、KQL、洞察、镜像拉取失败、冷启动问题、健康探测失败……
officialdevopsdevelopment
azure-prepare
microsoft
为Azure应用准备部署(基础设施Bicep/Terraform、azure.yaml、Dockerfile)。用于创建/现代化或创建+部署;不用于跨云迁移(使用azure-cloud-migrate)。请勿用于:copilot-sdk应用(使用azure-hosted-copilot-sdk)。适用场景:"创建应用"、"构建Web应用"、"创建API"、"创建无服务器HTTP API"、"创建前端"、"创建后端"、"构建服务"、"现代化应用"、"更新应用"、"添加身份验证"、"添加缓存"、"托管在Azure上"、"创建并...
officialdevelopmentdevops
azure-validate
microsoft
部署前对Azure就绪状态进行验证。对配置、基础设施(Bicep或Terraform)、RBAC角色分配、托管标识权限及先决条件进行深度检查,然后再部署。适用场景:验证我的应用、检查部署就绪状态、运行预检、验证配置、检查是否可部署、验证azure.yaml、验证Bicep、部署前测试、排查部署错误、验证Azure Functions、验证函数应用、验证无服务器...
officialdevopstesting