Run any Skill in Manus with one click

Get Started

$pwd:

orchestratesecurity

Name: Orchestratesecurity
Author: kagenti

// Add security governance to a target repo - CODEOWNERS, SECURITY.md, CONTRIBUTING.md, LICENSE, .gitignore audit

Run Skill in Manus

$ git log --oneline --stat

stars:12

forks:39

updated:March 12, 2026 at 20:13

SKILL.md

readonly

name	orchestrate:security
description	Add security governance to a target repo - CODEOWNERS, SECURITY.md, CONTRIBUTING.md, LICENSE, .gitignore audit

flowchart TD
    START(["/orchestrate:security"]) --> READ["Read plan + scan report"]:::orch
    READ --> CODEOWNERS["Create CODEOWNERS"]:::orch
    CODEOWNERS --> SECURITY_MD["Create SECURITY.md"]:::orch
    SECURITY_MD --> CONTRIBUTING["Create CONTRIBUTING.md"]:::orch
    CONTRIBUTING --> LICENSE["Verify/add LICENSE"]:::orch
    LICENSE --> GITIGNORE["Audit .gitignore"]:::orch
    GITIGNORE --> BRANCH_PROT["Document branch protection"]:::orch
    BRANCH_PROT --> BRANCH["Create branch"]:::orch
    BRANCH --> SIZE{Under 700 lines?}
    SIZE -->|Yes| PR["Commit + open PR"]:::orch
    SIZE -->|No| SPLIT["Split into sub-PRs"]:::orch
    SPLIT --> PR
    PR --> DONE([Phase complete])

    classDef orch fill:#FF9800,stroke:#333,color:white

Follow this diagram as the workflow.

Orchestrate: Security Governance

Add security governance files to a target repository. This is Phase 5 and produces PR #4. Focuses on governance and policy files — CI-related security (scanning, dependabot, scorecard) is handled by orchestrate:ci.

When to Use

After orchestrate:plan identifies security governance as a needed phase
After precommit, tests, and CI phases

Prerequisites

Plan exists with security phase
Scan report exists (to know what's missing)
Target repo in .repos/<target>/

Step 1: CODEOWNERS

Create CODEOWNERS at repo root or .github/CODEOWNERS:

# Default owners for everything
* @org/team-leads

# Platform and CI
.github/ @org/platform
Makefile @org/platform

# Documentation
docs/ @org/docs-team
*.md @org/docs-team

Adapt teams and paths based on:

The scan report's identified tech stack
The org's team structure (check other repos for patterns)
Key directories that need specialized review

Step 2: SECURITY.md

Create SECURITY.md with vulnerability reporting guidance:

# Security Policy

## Reporting a Vulnerability

Please report security vulnerabilities through GitHub Security Advisories:
**[Report a vulnerability](https://github.com/org/repo/security/advisories/new)**

Do NOT open public issues for security vulnerabilities.

## Response Timeline

- **Acknowledgment:** Within 48 hours
- **Initial assessment:** Within 7 days
- **Fix timeline:** Based on severity

## Security Controls

This repository uses:
- CI security scanning (Trivy, CodeQL)
- Dependency updates via Dependabot
- OpenSSF Scorecard monitoring
- Pre-commit hooks for local checks

Adapt the security controls list based on what orchestrate:ci actually deployed to this repo.

Step 3: CONTRIBUTING.md

Create CONTRIBUTING.md with development workflow:

# Contributing

## Development Setup

[Adapt to tech stack from scan report]

## Pull Request Process

1. Fork the repository
2. Create a feature branch from `main`
3. Make your changes with tests
4. Run pre-commit hooks: `pre-commit run --all-files`
5. Submit a pull request

## Commit Messages

Use conventional commit format:
- `feat:` New features
- `fix:` Bug fixes
- `docs:` Documentation changes
- `chore:` Maintenance tasks

All commits must be signed off (`git commit -s`).

## Code of Conduct

[Link to org-level CoC if exists]

Step 4: LICENSE

Check if LICENSE exists. If missing:

Check the org's standard license
Add the appropriate LICENSE file
If unsure, flag in the PR for maintainer decision

Step 5: .gitignore Audit

Check for missing patterns and add them:

Secrets and credentials:

.env, .env.*, .env.local
*.key, *.pem, *.p12, *.jks
credentials.*, secrets.*
kubeconfig, *kubeconfig*

IDE and OS files:

.idea/, .vscode/
.DS_Store, Thumbs.db

Build artifacts (language-specific):

Python: __pycache__/, *.pyc, .ruff_cache/, dist/, *.egg-info/
Go: binary names from go.mod module path
Node: node_modules/, dist/, .next/

Do not remove existing patterns. Only add missing ones.

Step 6: Branch Protection Documentation

Document in the PR description (can't auto-apply via PR):

Recommended branch protection rules for main:

Require PR reviews (minimum 1 approval)
Require status checks to pass (list the CI checks from orchestrate:ci)
Require signed commits (if org policy)
Disable force push to main
Require branches to be up to date before merging
Require conversation resolution before merging

Branch and PR Workflow

git -C .repos/<target> checkout -b orchestrate/security

PR size check

git -C .repos/<target> diff --stat | tail -1

Commit and push

git -C .repos/<target> add -A

git -C .repos/<target> commit -s -m "feat: add security governance (CODEOWNERS, SECURITY.md, CONTRIBUTING.md, .gitignore)"

git -C .repos/<target> push -u origin orchestrate/security

Create PR

gh pr create --repo org/repo --title "Add security governance files" --body "Phase 5 of repo orchestration. Adds CODEOWNERS, SECURITY.md, CONTRIBUTING.md, LICENSE verification, and .gitignore hardening."

Update Phase Status

Set security to complete in phase-status.md.

Related Skills

orchestrate — Parent router
orchestrate:ci — Previous phase (CI-related security is there)
orchestrate:plan — Defines security phase tasks
orchestrate:replicate — Next phase: bootstrap skills

related-skills.json

same repository

summarizer.md

from "kagenti/agent-examples"

Use this skill when you need to create clear, concise summaries of information. This includes summarizing long documents, articles, meeting notes, technical documentation, research papers, or any text that needs to be condensed while preserving key information. The skill provides techniques for extractive and abstractive summarization, bullet-point formatting, and executive summaries.

2026-04-3012

orchestrateci.md

from "kagenti/agent-examples"

Add comprehensive CI workflows to a target repo - lint, test, build, security scanning, dependabot, scorecard, action pinning

2026-03-1212

orchestrateplan.md

from "kagenti/agent-examples"

Brainstorm and create phased enhancement plan for a target repo - PR sizing, phase selection, task breakdown

2026-03-1212

orchestrateprecommit.md

from "kagenti/agent-examples"

Add pre-commit hooks, linting, CLAUDE.md, and foundational .claude/ setup to a target repo

2026-03-1212

orchestratereview.md

from "kagenti/agent-examples"

Review all orchestration PRs before merge - per-PR checks, cross-PR consistency, and coordinated approval

2026-03-1212

orchestratescan.md

from "kagenti/agent-examples"

Scan and assess a target repository - tech stack, CI maturity, security posture, test coverage, supply chain health

2026-03-1212

package.json

"author": "kagenti"

"repository": "kagenti/agent-examples"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Computer and Information Systems ManagersManagement Occupations11-3021L4

name	orchestrate:security
description	Add security governance to a target repo - CODEOWNERS, SECURITY.md, CONTRIBUTING.md, LICENSE, .gitignore audit

flowchart TD
    START(["/orchestrate:security"]) --> READ["Read plan + scan report"]:::orch
    READ --> CODEOWNERS["Create CODEOWNERS"]:::orch
    CODEOWNERS --> SECURITY_MD["Create SECURITY.md"]:::orch
    SECURITY_MD --> CONTRIBUTING["Create CONTRIBUTING.md"]:::orch
    CONTRIBUTING --> LICENSE["Verify/add LICENSE"]:::orch
    LICENSE --> GITIGNORE["Audit .gitignore"]:::orch
    GITIGNORE --> BRANCH_PROT["Document branch protection"]:::orch
    BRANCH_PROT --> BRANCH["Create branch"]:::orch
    BRANCH --> SIZE{Under 700 lines?}
    SIZE -->|Yes| PR["Commit + open PR"]:::orch
    SIZE -->|No| SPLIT["Split into sub-PRs"]:::orch
    SPLIT --> PR
    PR --> DONE([Phase complete])

    classDef orch fill:#FF9800,stroke:#333,color:white

Follow this diagram as the workflow.

Orchestrate: Security Governance

When to Use

After orchestrate:plan identifies security governance as a needed phase
After precommit, tests, and CI phases

Prerequisites

Plan exists with security phase
Scan report exists (to know what's missing)
Target repo in .repos/<target>/

Step 1: CODEOWNERS

Create CODEOWNERS at repo root or .github/CODEOWNERS:

# Default owners for everything
* @org/team-leads

# Platform and CI
.github/ @org/platform
Makefile @org/platform

# Documentation
docs/ @org/docs-team
*.md @org/docs-team

Adapt teams and paths based on:

The scan report's identified tech stack
The org's team structure (check other repos for patterns)
Key directories that need specialized review

Step 2: SECURITY.md

Create SECURITY.md with vulnerability reporting guidance:

# Security Policy

## Reporting a Vulnerability

Please report security vulnerabilities through GitHub Security Advisories:
**[Report a vulnerability](https://github.com/org/repo/security/advisories/new)**

Do NOT open public issues for security vulnerabilities.

## Response Timeline

- **Acknowledgment:** Within 48 hours
- **Initial assessment:** Within 7 days
- **Fix timeline:** Based on severity

## Security Controls

This repository uses:
- CI security scanning (Trivy, CodeQL)
- Dependency updates via Dependabot
- OpenSSF Scorecard monitoring
- Pre-commit hooks for local checks

Adapt the security controls list based on what orchestrate:ci actually deployed to this repo.

Step 3: CONTRIBUTING.md

Create CONTRIBUTING.md with development workflow:

# Contributing

## Development Setup

[Adapt to tech stack from scan report]

## Pull Request Process

1. Fork the repository
2. Create a feature branch from `main`
3. Make your changes with tests
4. Run pre-commit hooks: `pre-commit run --all-files`
5. Submit a pull request

## Commit Messages

Use conventional commit format:
- `feat:` New features
- `fix:` Bug fixes
- `docs:` Documentation changes
- `chore:` Maintenance tasks

All commits must be signed off (`git commit -s`).

## Code of Conduct

[Link to org-level CoC if exists]

Step 4: LICENSE

Check if LICENSE exists. If missing:

Check the org's standard license
Add the appropriate LICENSE file
If unsure, flag in the PR for maintainer decision

Step 5: .gitignore Audit

Check for missing patterns and add them:

Secrets and credentials:

.env, .env.*, .env.local
*.key, *.pem, *.p12, *.jks
credentials.*, secrets.*
kubeconfig, *kubeconfig*

IDE and OS files:

.idea/, .vscode/
.DS_Store, Thumbs.db

Build artifacts (language-specific):

Python: __pycache__/, *.pyc, .ruff_cache/, dist/, *.egg-info/
Go: binary names from go.mod module path
Node: node_modules/, dist/, .next/

Do not remove existing patterns. Only add missing ones.

Step 6: Branch Protection Documentation

Document in the PR description (can't auto-apply via PR):

Recommended branch protection rules for main:

Require PR reviews (minimum 1 approval)
Require status checks to pass (list the CI checks from orchestrate:ci)
Require signed commits (if org policy)
Disable force push to main
Require branches to be up to date before merging
Require conversation resolution before merging

Branch and PR Workflow

git -C .repos/<target> checkout -b orchestrate/security

PR size check

git -C .repos/<target> diff --stat | tail -1

Commit and push

git -C .repos/<target> add -A

git -C .repos/<target> commit -s -m "feat: add security governance (CODEOWNERS, SECURITY.md, CONTRIBUTING.md, .gitignore)"

git -C .repos/<target> push -u origin orchestrate/security

Create PR

gh pr create --repo org/repo --title "Add security governance files" --body "Phase 5 of repo orchestration. Adds CODEOWNERS, SECURITY.md, CONTRIBUTING.md, LICENSE verification, and .gitignore hardening."

Update Phase Status

Set security to complete in phase-status.md.

Related Skills

orchestrate — Parent router
orchestrate:ci — Previous phase (CI-related security is there)
orchestrate:plan — Defines security phase tasks
orchestrate:replicate — Next phase: bootstrap skills

orchestratesecurity

Orchestrate: Security Governance

When to Use

Prerequisites

Step 1: CODEOWNERS

Step 2: SECURITY.md

Step 3: CONTRIBUTING.md

Step 4: LICENSE

Step 5: .gitignore Audit

Step 6: Branch Protection Documentation

Branch and PR Workflow

PR size check

Commit and push

Create PR

Update Phase Status

Related Skills

More from this repository

More from this repository

Orchestrate: Security Governance

When to Use

Prerequisites

Step 1: CODEOWNERS

Step 2: SECURITY.md

Step 3: CONTRIBUTING.md

Step 4: LICENSE

Step 5: .gitignore Audit

Step 6: Branch Protection Documentation

Branch and PR Workflow

PR size check

Commit and push

Create PR

Update Phase Status

Related Skills