microsoft/secure-by-design
.github/skills/security/secure-by-design/SKILL.md
Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core.
$ install --global
skillsauthnpx skillsauth add microsoft/hve-core secure-by-designInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 9, 2026, 2:11 AM135.2s13 files scanned
SKILL.md
- name:
- secure-by-design
- description:
- Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core.
- license:
- OGL-UK-3.0 AND CC-BY-4.0
- user-invocable:
- false
- authors:
- UK Government Security Group, Australian Signals Directorate (ASD) ACSC
- spec_version:
- 1.0
- framework_revision:
- 1.0.0
- last_updated:
- 2026-03-27
- content_based_on:
- https://www.security.gov.uk/policy-and-guidance/secure-by-design/principles/ AND https://www.cyber.gov.au/business-government/secure-design/secure-by-design/secure-by-design-foundations
Secure by Design — Skill Entry
This SKILL.md is the entrypoint for the Secure by Design skill.
The skill synthesizes the UK Government Secure by Design Principles (10 principles) and the Australian ASD/ACSC Secure by Design Foundations (6 foundations) into structured, machine-readable references that an agent can query to identify, assess, and improve adherence to secure-by-design practices across the software lifecycle.
Normative references (Secure by Design)
- 00 Principle Index
- 01 Security Governance
- 02 Risk-Driven Approach
- 03 Secure Product Development
- 04 Supply Chain Security
- 05 Usable Security Controls
- 06 Detect and Respond
- 07 Flexible Architecture
- 08 Minimize Attack Surface
- 09 Defense in Depth
- 10 Continuous Assurance
- 11 Secure Deprecation
Skill layout
SKILL.md— this file (skill entrypoint).references/— the Secure by Design normative documents.00-principle-index.md— index of all principle identifiers, categories, source mappings, and cross-references.01through11— one document per synthesized principle area merging UK and AU guidance.
Third-Party Attribution
UK Government Secure by Design Principles
- Copyright: Crown Copyright, UK Government Security Group
- License: Open Government Licence v3.0 (OGL-UK-3.0)
- Source: https://www.security.gov.uk/policy-and-guidance/secure-by-design/principles/
- Modifications: Synthesized into structured principle-checklist format with cross-references; merged with Australian guidance into unified principle areas
- Trademark: Use of UK Government content does not imply endorsement
Australian ASD/ACSC Secure by Design Foundations
- Copyright: © Commonwealth of Australia, Australian Signals Directorate
- License: Creative Commons Attribution 4.0 (CC-BY-4.0)
- Source: https://www.cyber.gov.au/business-government/secure-design/secure-by-design/secure-by-design-foundations
- Modifications: Synthesized into structured principle-checklist format with cross-references; merged with UK guidance into unified principle areas
- Trademark: Use of ASD/ACSC content does not imply endorsement
🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.
Related Skills
microsoft/pr-reference
tools
VerifiedTrustedCommunity
Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. - Brought to you by microsoft/hve-core
909SKILL.mdUpdated Apr 9, 2026
microsoft/security-reviewer-formats
development
VerifiedTrustedCommunity
Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core.
909SKILL.mdUpdated Apr 9, 2026
microsoft/owasp-top-10
development
VerifiedTrustedCommunity
OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core.
909SKILL.mdUpdated Apr 9, 2026
microsoft/owasp-mcp
tools
VerifiedTrustedCommunity
OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core.
909SKILL.mdUpdated Apr 9, 2026