feat(skills): add owasp-docker skill for OWASP Top 6 docker vulnerability assessment #1242

@JasonTheDeveloper

Description

Summary

Create the owasp-docker skill under owasp-docker providing detection checklists, severity guidance, and remediation patterns for the OWASP Docker Security Top 6 vulnerabilities.

This skill is consumed by the security-reviewer agent (not user-invocable). Content is adapted from JasonTheDeveloper's owasp-skills docker-vulnerabilities skill with hve-core naming and conventions applied.

Acceptance Criteria

  • SKILL.md exists with valid frontmatter
    • name: owasp-docker matches directory name
    • description ends with - Brought to you by microsoft/hve-core
    • user-invocable: false
    • metadata.content_based_on references OWASP Docker Security source URL
  • references/ directory contains 7 files:
    • 00-vulnerability-index.md — summary table with all 6 vulnerabilities
    • 01-secure-user-mapping.md
    • 02-patch-management-strategy.md
    • 03-network-segmentation-firewalling.md
    • 04-secure-defaults-hardening.md
    • 05-maintain-security-contexts.md
    • 06-resource-protection.md
  • Each reference file follows the 7-section pattern: Description → Risk → Vulnerability Checklist → Prevention Controls → Example Attacks → Detection Guidance → Remediation
  • SKILL.md body references the vulnerability index and instructs the agent on how to traverse references
  • npm run validate:skills passes for this skill

Content Source

Adapted from JasonTheDeveloper's owasp-skills docker-vulnerabilities/ skill. Naming convention changed from docker-vulnerabilities to owasp-docker per Discussion #480 terminology alignment.

File Structure

.github/skills/security/owasp-docker/
├── SKILL.md
└── references/
    ├── 00-vulnerability-index.md
    ├── 01-secure-user-mapping.md
    ├── 02-patch-management-strategy.md
    ├── 03-network-segmentation-firewalling.md
    ├── 04-secure-defaults-hardening.md
    ├── 05-maintain-security-contexts.md
    └── 06-resource-protection.md
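The acceptance criteria and the file structure above describe a checkable shape: frontmatter fields, a fixed set of reference files, a 7-section heading pattern, and an index table covering all 6 vulnerabilities. The script below is an added example, not the hve-core repository's own validate:skills script: it turns those criteria into plain-Python checks over a {relative path: content} mapping, so it can be pointed at a checkout or run against the constructed sample built in-memory. Assumptions: the 7 sections are markdown headings (## Section), the index file is exempt from the section pattern because it is a summary table, "references the source URL" is read as "the value is an http(s) URL", and the content_based_on value in the sample is a placeholder because the real source URL is not given in this issue.

```python
"""Structural checks for an owasp-docker skill directory (added example,
not the project's validate:skills script). Assumptions are marked inline."""
import re
from pathlib import Path

SKILL_NAME = "owasp-docker"
DESCRIPTION_SUFFIX = "- Brought to you by microsoft/hve-core"
EXPECTED_REFERENCES = [
    "00-vulnerability-index.md",
    "01-secure-user-mapping.md",
    "02-patch-management-strategy.md",
    "03-network-segmentation-firewalling.md",
    "04-secure-defaults-hardening.md",
    "05-maintain-security-contexts.md",
    "06-resource-protection.md",
]
# The 7-section pattern, in the order each reference file must follow.
REQUIRED_SECTIONS = [
    "Description", "Risk", "Vulnerability Checklist", "Prevention Controls",
    "Example Attacks", "Detection Guidance", "Remediation",
]


def parse_frontmatter(text):
    """Return (fields, body) for a '---'-delimited YAML-style header.
    Minimal parser: scalar keys plus one nesting level, flattened to dotted
    keys such as metadata.content_based_on. (None, text) if no header."""
    m = re.match(r"^---\n(.*?)\n---\n", text, re.S)
    if not m:
        return None, text
    fields, parent = {}, None
    for line in m.group(1).splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue
        value = value.strip()
        if indent == 0:
            parent = key if value == "" else None
            if value:
                fields[key] = value
        elif parent:
            fields[f"{parent}.{key}"] = value
    return fields, text[m.end():]


def check_sections(text):
    """Report missing or out-of-order headings for the 7-section pattern.
    Assumption: each section is a markdown heading line (## Section)."""
    problems, positions = [], []
    for section in REQUIRED_SECTIONS:
        hit = re.search(rf"^#{{2,6}}\s+{re.escape(section)}\s*$", text, re.M)
        if hit is None:
            problems.append(f"missing section '{section}'")
        else:
            positions.append(hit.start())
    if positions != sorted(positions):
        problems.append("sections are not in the required order")
    return problems


def count_table_rows(text):
    """Data rows of the (assumed single) markdown summary table."""
    rows = [l.strip() for l in text.splitlines() if l.strip().startswith("|")]
    data = [r for r in rows if not re.fullmatch(r"\|[\s:|-]+\|", r)]
    return max(len(data) - 1, 0)  # drop the header row


def validate_skill(files):
    """files: {relative path: content}. Returns problems (empty list = passes)."""
    problems = []
    skill = files.get("SKILL.md")
    if skill is None:
        return ["SKILL.md is missing"]
    fields, body = parse_frontmatter(skill)
    if fields is None:
        problems.append("SKILL.md has no frontmatter")
    else:
        if fields.get("name") != SKILL_NAME:
            problems.append(f"frontmatter name must be '{SKILL_NAME}'")
        if not fields.get("description", "").endswith(DESCRIPTION_SUFFIX):
            problems.append(f"description must end with '{DESCRIPTION_SUFFIX}'")
        if fields.get("user-invocable") != "false":
            problems.append("user-invocable must be false")
        # Assumption: "references the source URL" means an http(s) URL value.
        if not re.match(r"https?://", fields.get("metadata.content_based_on", "")):
            problems.append("metadata.content_based_on must be a source URL")
    if "00-vulnerability-index.md" not in body:
        problems.append("SKILL.md body must reference the vulnerability index")
    expected = [f"references/{n}" for n in EXPECTED_REFERENCES]
    actual = sorted(p for p in files if p.startswith("references/"))
    if actual != expected:
        problems.append(f"references/ must contain exactly {EXPECTED_REFERENCES}")
    for ref in actual:
        if ref.endswith("00-vulnerability-index.md"):
            continue  # assumption: the summary-table index is exempt from the pattern
        problems += [f"{ref}: {p}" for p in check_sections(files[ref])]
    index = files.get("references/00-vulnerability-index.md", "")
    if index and count_table_rows(index) != 6:
        problems.append("vulnerability index table must list all 6 vulnerabilities")
    return problems


def load_skill_dir(root):
    """Read a skill directory (e.g. .github/skills/security/owasp-docker)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_text(encoding="utf-8")
            for p in root.rglob("*.md")}


def build_sample_skill():
    """Constructed sample that satisfies every check; the URL is a placeholder."""
    titles = [n[3:-3].replace("-", " ").title() for n in EXPECTED_REFERENCES[1:]]
    skill = ("---\n" f"name: {SKILL_NAME}\n"
             f"description: OWASP Docker Security Top 6 checklists {DESCRIPTION_SUFFIX}\n"
             "user-invocable: false\nmetadata:\n"
             "  content_based_on: https://example.invalid/PLACEHOLDER-owasp-docker-source\n"
             "---\n# owasp-docker\n\nStart with references/00-vulnerability-index.md, "
             "then read each reference in order.\n")
    files = {"SKILL.md": skill}
    sections = "".join(f"## {s}\n\nConstructed text.\n\n" for s in REQUIRED_SECTIONS)
    table = "| # | Vulnerability | Severity |\n|---|---|---|\n" + "".join(
        f"| {i} | {t} | High |\n" for i, t in enumerate(titles, 1))
    files["references/00-vulnerability-index.md"] = f"# Index\n\n{table}"
    for name, title in zip(EXPECTED_REFERENCES[1:], titles):
        files[f"references/{name}"] = f"# {title}\n\n{sections}"
    return files


if __name__ == "__main__":
    import sys
    files = load_skill_dir(sys.argv[1]) if len(sys.argv) > 1 else build_sample_skill()
    found = validate_skill(files)
    print("\n".join(found) or "skill structure OK")
    sys.exit(1 if found else 0)
```

Run it with no arguments to validate the constructed sample, or pass the skill directory path to check a checkout; a non-empty problem list exits non-zero, which is the behaviour a CI step alongside npm run validate:skills would want.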

Metadata

Labels

feature: New feature triggering minor version bump; security: Security-related changes or concerns
