adaptive-enforcement-lab/network-security
plugins/secure/skills/network-security/SKILL.md
Secure GKE networking with VPC-native IP allocation, zero-trust network policies, Private Service Connect endpoints, and Cloud Armor DDoS protection layers.
development
Updated Mar 27, 2026
$ install --global
skillsauthnpx skillsauth add adaptive-enforcement-lab/claude-skills network-securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 29, 2026, 11:19 AM36.6s1 file scanned
SKILL.md
- name:
- network-security
- description:
- >-
Network Security
When to Use This Skill
This section covers network security configurations for GKE clusters:
- VPC-Native Networking: Container-native IP allocation with Alias IP ranges
- Network Policies: Zero-trust network model with default-deny ingress
- Private Service Connect: Private connectivity to GCP services
- Cloud Armor: Layer 7 DDoS protection and Web Application Firewall
Prerequisites
- GCP project with billing enabled
- Terraform 1.0+
- kubectl configured for cluster access
Implementation
- Cluster Configuration - Private GKE, Workload Identity
- IAM Configuration - Least-privilege IAM
- Runtime Security - Pod Security Standards
Key Principles
Zero Trust Network
Implement default-deny network policies and explicitly allow traffic between services:
- All ingress traffic is blocked by default
- Only required pod-to-pod communication is permitted
- DNS and essential services are explicitly allowed
- Egress traffic is controlled per workload
Private Connectivity
Route traffic through private endpoints for secure, isolated connectivity:
- No public IP addresses required
- Traffic stays on Google's backbone
- Simplified security policy management
- Cross-project access supported
Layer 7 Protection
Cloud Armor provides application-level security:
- DDoS mitigation at the edge
- Geo-blocking and IP filtering
- Rate limiting and bot detection
- XSS and SQLi protection
Related Patterns
- Cluster Configuration
- IAM Configuration
- Runtime Security
References
- Source Documentation
- AEL Secure
Related Skills
adaptive-enforcement-lab/workload-identity-federation-implementation
documentation
VerifiedTrustedCommunity
Workload Identity Federation implementation guide. GKE setup, IAM bindings, ServiceAccount configuration, migration from service account keys, and troubleshooting patterns.
SKILL.mdUpdated Mar 27, 2026
adaptive-enforcement-lab/workflow-trigger-security
development
VerifiedTrustedCommunity
Secure GitHub Actions trigger patterns for pull requests, forks, and reusable workflows. Preventing privilege escalation and code injection through trigger misconfiguration.
SKILL.mdUpdated Mar 27, 2026
adaptive-enforcement-lab/third-party-action-risk-assessment
development
VerifiedTrustedCommunity
Structured framework for evaluating GitHub Actions security before adoption. Trust tiers, risk assessment checklist, and decision tree for action evaluation.
SKILL.mdUpdated Mar 27, 2026
adaptive-enforcement-lab/storing-credentials
testing
VerifiedTrustedCommunity
Securely store GitHub App credentials across different environments. GitHub Actions secrets, external CI, Kubernetes, and automated rotation patterns.
SKILL.mdUpdated Mar 27, 2026