software-security

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Software Security Skill (Project CodeGuard)

软件安全技能（Project CodeGuard）

This skill provides comprehensive security guidance to help AI coding agents generate secure code and prevent common vulnerabilities. It is based on Project CodeGuard, an open-source, model-agnostic security framework that embeds secure-by-default practices into AI coding workflows.

本技能提供全面的安全指导，帮助AI编码Agent生成安全代码并防范常见漏洞。它基于Project CodeGuard——一个开源、与模型无关的安全框架，可将默认安全实践嵌入AI编码工作流中。

When to Use This Skill

何时使用本技能

This skill should be activated when:

Writing new code in any language
Reviewing or modifying existing code
Implementing security-sensitive features (authentication, cryptography, data handling, etc.)
Working with user input, databases, APIs, or external services
Configuring cloud infrastructure, CI/CD pipelines, or containers
Handling sensitive data, credentials, or cryptographic operations

在以下场景中应激活本技能：

编写任意语言的新代码
审查或修改现有代码
实现安全敏感功能（身份验证、加密、数据处理等）
处理用户输入、数据库、API或外部服务
配置云基础设施、CI/CD流水线或容器
处理敏感数据、凭据或加密操作

How to Use This Skill

如何使用本技能

When writing or reviewing code:

Always-Apply Rules: Some rules MUST be checked on every code operation:

```
codeguard-1-hardcoded-credentials.md
```
- Never hardcode secrets, passwords, API keys, or tokens
```
codeguard-1-crypto-algorithms.md
```
- Use only modern, secure cryptographic algorithms
```
codeguard-1-digital-certificates.md
```
- Validate and manage digital certificates securely

Context-Specific Rules: Apply rules from /rules directory based on the language of the feature being implemented using the table given below:

Language	Rule Files to Apply
apex	codeguard-0-input-validation-injection.md
c	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-data-storage.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-logging.md, codeguard-0-safe-c-functions.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
cpp	codeguard-0-safe-c-functions.md
d	codeguard-0-iac-security.md
docker	codeguard-0-devops-ci-cd-containers.md, codeguard-0-supply-chain-security.md
go	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
html	codeguard-0-client-side-web-security.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md
java	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-mobile-apps.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
javascript	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-cloud-orchestration-kubernetes.md, codeguard-0-data-storage.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-logging.md, codeguard-0-mcp-security.md, codeguard-0-mobile-apps.md, codeguard-0-privacy-data-protection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-supply-chain-security.md
kotlin	codeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-framework-and-languages.md, codeguard-0-mobile-apps.md
matlab	codeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-mobile-apps.md, codeguard-0-privacy-data-protection.md
perl	codeguard-0-mobile-apps.md
php	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
powershell	codeguard-0-devops-ci-cd-containers.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md
python	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
ruby	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
rust	codeguard-0-mcp-security.md
shell	codeguard-0-devops-ci-cd-containers.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md
sql	codeguard-0-data-storage.md, codeguard-0-input-validation-injection.md
swift	codeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-mobile-apps.md
typescript	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-session-management-and-cookies.md
vlang	codeguard-0-client-side-web-security.md
xml	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-framework-and-languages.md, codeguard-0-mobile-apps.md, codeguard-0-xml-and-serialization.md
yaml	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authorization-access-control.md, codeguard-0-cloud-orchestration-kubernetes.md, codeguard-0-data-storage.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-logging.md, codeguard-0-privacy-data-protection.md, codeguard-0-supply-chain-security.md

Proactive Security: Don't just avoid vulnerabilities-actively implement secure patterns:

Use parameterized queries for database access
Validate and sanitize all user input
Apply least-privilege principles
Use modern cryptographic algorithms and libraries
Implement defense-in-depth strategies

在编写或审查代码时：

必用规则：部分规则必须在每次代码操作时检查：

```
codeguard-1-hardcoded-credentials.md
```
- 切勿硬编码密钥、密码、API密钥或令牌
```
codeguard-1-crypto-algorithms.md
```
- 仅使用现代、安全的加密算法
```
codeguard-1-digital-certificates.md
```
- 安全验证和管理数字证书

上下文特定规则：根据所实现功能的编程语言，应用/rules目录中的规则，参考下表：

语言	需应用的规则文件
apex	codeguard-0-input-validation-injection.md
c	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-data-storage.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-logging.md, codeguard-0-safe-c-functions.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
cpp	codeguard-0-safe-c-functions.md
d	codeguard-0-iac-security.md
docker	codeguard-0-devops-ci-cd-containers.md, codeguard-0-supply-chain-security.md
go	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
html	codeguard-0-client-side-web-security.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md
java	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-mobile-apps.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
javascript	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-cloud-orchestration-kubernetes.md, codeguard-0-data-storage.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-logging.md, codeguard-0-mcp-security.md, codeguard-0-mobile-apps.md, codeguard-0-privacy-data-protection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-supply-chain-security.md
kotlin	codeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-framework-and-languages.md, codeguard-0-mobile-apps.md
matlab	codeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-mobile-apps.md, codeguard-0-privacy-data-protection.md
perl	codeguard-0-mobile-apps.md
php	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
powershell	codeguard-0-devops-ci-cd-containers.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md
python	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
ruby	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
rust	codeguard-0-mcp-security.md
shell	codeguard-0-devops-ci-cd-containers.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md
sql	codeguard-0-data-storage.md, codeguard-0-input-validation-injection.md
swift	codeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-mobile-apps.md
typescript	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-session-management-and-cookies.md
vlang	codeguard-0-client-side-web-security.md
xml	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-framework-and-languages.md, codeguard-0-mobile-apps.md, codeguard-0-xml-and-serialization.md
yaml	codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authorization-access-control.md, codeguard-0-cloud-orchestration-kubernetes.md, codeguard-0-data-storage.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-logging.md, codeguard-0-privacy-data-protection.md, codeguard-0-supply-chain-security.md

主动安全防护：不仅要避免漏洞，还要主动实施安全模式：

对数据库访问使用参数化查询
验证并清理所有用户输入
应用最小权限原则
使用现代加密算法和库
实施纵深防御策略

CodeGuard Security Rules

CodeGuard安全规则

The security rules are available in the

rules/

directory.

安全规则位于

rules/

目录中。

Usage Workflow

使用工作流

When generating or reviewing code, follow this workflow:

在生成或审查代码时，请遵循以下工作流：

1. Initial Security Check

1. 初始安全检查

Before writing any code:

Check: Will this handle credentials? → Apply codeguard-1-hardcoded-credentials
Check: What language am I using? → Identify applicable language-specific rules
Check: What security domains are involved? → Load relevant rule files

编写任何代码之前：

检查：是否会处理凭据？→ 应用codeguard-1-hardcoded-credentials规则
检查：使用的是哪种语言？→ 确定适用的语言特定规则
检查：涉及哪些安全领域？→ 加载相关规则文件

2. Code Generation

2. 代码生成

While writing code:

Apply secure-by-default patterns from relevant Project CodeGuard rules
Add security-relevant comments explaining choices

编写代码时：

应用相关Project CodeGuard规则中的默认安全模式
添加解释选择的安全相关注释

3. Security Review

3. 安全审查

After writing code:

Review against implementation checklists in each rule
Verify no hardcoded credentials or secrets
Validate that all the rules have been successfully followed when applicable.
Explain which security rules were applied
Highlight security features implemented

编写代码后：

根据每个规则中的实施清单进行审查
确认没有硬编码凭据或密钥
验证所有适用规则均已成功遵循
说明应用了哪些安全规则
突出显示已实现的安全功能