ShieldCI — DevSecOps Pipeline Generator
Release v1.13.0 of https://github.com/Richonn/ShieldCI.
Action Type
This is a Docker action.
Action Summary
ShieldCI is a GitHub Action designed to automate the creation of secure CI/CD DevSecOps pipelines by detecting the project’s stack, generating appropriate workflows, and opening a pull request with the new configurations. It streamlines tasks such as static analysis (SAST), vulnerability scanning, secret detection, and SBOM generation, reducing manual effort while ensuring security best practices. Key capabilities include support for multiple programming languages, Docker/Kubernetes integration, and the inclusion of industry-standard security tools like Trivy, CodeQL, and Gitleaks.
What’s Changed
New feature
Cryptographically signed release artifacts
Every GitHub Release now ships with:
- Pre-built binaries for Linux (amd64/arm64), macOS (amd64/arm64), and Windows (amd64), built with -trimpath so that build-machine paths are not embedded in the binary (a prerequisite for reproducible builds).
- checksums.txt: SHA256 manifest for all binaries.
- *.intoto.jsonl: SLSA Level 3 provenance generated by slsa-github-generator, attached automatically to the release.
This resolves the OpenSSF Scorecard Signed-Releases check (previously scoring 0/10).
Provenance is keyless: there are no long-lived signing keys or secrets to manage. Each attestation is signed with a short-lived Sigstore certificate bound to the GitHub Actions OIDC identity of the release workflow (repository and workflow, not a person), and the signature is recorded in the public Rekor transparency log.
Verify a binary before running it. The --source-uri and --source-tag flags pin the expected builder identity and release, so provenance from a different repository or a different tag of the same repository is rejected:
slsa-verifier verify-artifact shieldci-linux-amd64 \
--provenance-path shieldci-linux-amd64.intoto.jsonl \
--source-uri github.com/Richonn/ShieldCI \
--source-tag v1.13.0
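The command above checks provenance only. A practitioner installing a release usually wants the cheap checksum gate first, the provenance check second, and the install only if both pass. The script below is an added example, not part of the ShieldCI project; it assumes a download directory containing checksums.txt (in sha256sum "digest  name" format, an assumption about the manifest layout), the binary, and its matching .intoto.jsonl, and that slsa-verifier is on PATH. The function names and the install destination are illustrative.

```shell
#!/bin/sh
# Added example: gate a ShieldCI release binary on checksum + SLSA provenance.
# Assumed layout (not from the page): DIR/checksums.txt, DIR/<name>,
# DIR/<name>.intoto.jsonl. Requires slsa-verifier on PATH for the second gate.
set -eu

# Print the SHA256 recorded for file $2 in manifest $1 (empty if absent).
# Accepts both "digest  name" and "digest *name" (binary mode) entries.
expected_sha256() {
  manifest=$1; name=$2
  awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$manifest"
}

# Compute a file's SHA256 portably (sha256sum on Linux, shasum on macOS).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 only if the file's digest matches its manifest entry.
# A file missing from the manifest is a failure, not a pass.
check_checksum() {
  manifest=$1; file=$2
  want=$(expected_sha256 "$manifest" "$(basename "$file")")
  [ -n "$want" ] || { echo "no manifest entry for $file" >&2; return 1; }
  have=$(file_sha256 "$file")
  [ "$have" = "$want" ]
}

# Run slsa-verifier pinned to the ShieldCI repo and the expected tag.
# Fails closed if the verifier is not installed.
verify_provenance() {
  artifact=$1; provenance=$2; tag=$3
  command -v slsa-verifier >/dev/null 2>&1 || {
    echo "slsa-verifier not installed; refusing to trust $artifact" >&2
    return 1
  }
  slsa-verifier verify-artifact "$artifact" \
    --provenance-path "$provenance" \
    --source-uri github.com/Richonn/ShieldCI \
    --source-tag "$tag"
}

# Full gate: checksum, then provenance, then install. set -e aborts on
# the first failing step, so nothing is installed on a mismatch.
install_release() {
  dir=$1; name=$2; tag=$3; dest=$4
  check_checksum "$dir/checksums.txt" "$dir/$name"
  verify_provenance "$dir/$name" "$dir/$name.intoto.jsonl" "$tag"
  install -m 0755 "$dir/$name" "$dest"
}

# Usage (hypothetical paths):
#   install_release ./dl shieldci-linux-amd64 v1.13.0 /usr/local/bin/shieldci
```

The checksum step is not a substitute for the provenance step: checksums.txt is served from the same release page as the binaries, so an attacker who can replace one can replace the other. It only catches corrupted or partial downloads cheaply before the slower Rekor lookup. The provenance step is what ties the bytes to the repository's release workflow.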