plugins/secure/skills/github-core-app-setup/SKILL.md
Configure organization-level GitHub Apps for secure cross-repository automation. Machine identity, audit trails, and enterprise-grade authentication.
npx skillsauth add adaptive-enforcement-lab/claude-skills github-core-app-setup
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status.
This guide describes the concept, setup, and configuration of a GitHub Core App for organization-level automation.
Required Access
To create a Core App, you need:
- Organization owner role
- Access to organization settings:
https://github.com/organizations/{ORG}/settings/apps
Planning Considerations
Before creating the app, determine:
- Permission scope - Which repository and organization permissions are needed
- Installation scope - All repositories or specific teams
- Token management - Where secrets will be stored (repository or organization level)
- Naming convention - Standard naming (e.g., "CORE App", "Automation Core")
See the full implementation guide in the source documentation.
| Aspect | Core App | Standard App |
| -------- | ---------- | -------------- |
| Scope | Organization-wide | Single repository or selected repos |
| Purpose | Infrastructure automation | Feature-specific functionality |
| Permissions | Broad, covers common operations | Narrow, task-specific |
| Installation | All repositories | Selective repositories |
| Ownership | Organization-level admin | Project or team |
| Lifespan | Permanent infrastructure | Project lifecycle |