Preset Reference

sidecar lanedirect activation52 direct rules

supply-chain

Sidecar supply-chain hardening rules, including GitHub Actions workflow checks.

Reproducibility, provenance, and release-chain hardening review.

Explicitly turns on this rule set.

Coverage

Covered Rules

SEC302Config: insecure HTTP endpointConfiguration contains an insecure http:// endpointsupply-chainhardeningjson

SEC304Config: TLS verification disabledConfiguration disables TLS or certificate verificationsupply-chainhardeningjson

SEC319server.json remotes: insecure or private URLserver.json remotes entry uses an insecure or non-public remote URLsupply-chainhardeningserver_json

SEC324GitHub Actions: unpinned third-party actionGitHub Actions workflow uses a third-party action that is not pinned to a full commit SHAsupply-chainhardeninggithub_workflow

SEC325GitHub Actions: untrusted expression in runGitHub Actions workflow interpolates untrusted expression data directly inside a run commandsupply-chainhardeninggithub_workflow

SEC326GitHub Actions: pull_request_target checkoutGitHub Actions pull_request_target workflow checks out untrusted pull request head contentsupply-chainhardeninggithub_workflow

SEC327GitHub Actions: write-all tokenGitHub Actions workflow grants GITHUB_TOKEN write-all permissionssupply-chainhardeninggithub_workflow

SEC328GitHub Actions: write-capable third-party actionGitHub Actions workflow combines explicit write-capable permissions with a third-party actionsupply-chainhardeninggithub_workflow

SEC330MCP config: remote content piped to shellMCP configuration command downloads remote content and pipes it into a shellsupply-chainsecurityjson

SEC331MCP config: TLS verification disabledMCP configuration command disables TLS verification in a network-capable execution pathsupply-chainhardeningjson

SEC337MCP config: Docker image not digest-pinnedMCP configuration launches Docker with an image reference that is not digest-pinnedsupply-chainhardeningjson

SEC341Claude hook: remote content piped to shellClaude settings command hook downloads remote content and pipes it into a shellsupply-chainsecurityclaude_settings

SEC342Claude hook: TLS verification disabledClaude settings command hook disables TLS verification in a network-capable execution pathsupply-chainhardeningclaude_settings

SEC343Plugin hook: mutable package launcherPlugin hook command uses a mutable package launchersupply-chainhardeningjson

SEC344Plugin hook: remote content piped to shellPlugin hook command downloads remote content and pipes it into a shellsupply-chainsecurityjson

SEC345Plugin hook: TLS verification disabledPlugin hook command disables TLS verification in a network-capable execution pathsupply-chainhardeningjson

SEC346MCP config: mutable registry refreshMCP configuration forces Docker to refresh from a mutable registry sourcesupply-chainhardeningjson

SEC347AI markdown: MCP via mutable package runnerAI-native markdown example launches MCP through a mutable package runnersupply-chainhardeningmarkdown

SEC348AI markdown: mutable Docker imageAI-native markdown Docker example uses a mutable registry imagesupply-chainhardeningmarkdown

SEC365Claude settings: non-HTTPS allowed HTTP hook URLClaude settings allow non-HTTPS HTTP hook URLs in a shared committed configsupply-chainhardeningclaude_settings

SEC366Claude settings: dangerous HTTP hook host literalClaude settings allow dangerous host literals in `allowedHttpHookUrls`supply-chainhardeningclaude_settings

SEC417AI markdown: unpinned pip git installAI-native markdown installs Python packages from an unpinned `git+https://` sourcesupply-chainhardeningmarkdown

SEC448AI markdown: pip trusted-hostAI-native markdown installs Python packages with `--trusted-host`supply-chainhardeningmarkdown

SEC449AI markdown: pip http indexAI-native markdown installs Python packages from an insecure `http://` package indexsupply-chainhardeningmarkdown

SEC450AI markdown: npm http registryAI-native markdown installs JavaScript packages from an insecure `http://` registrysupply-chainhardeningmarkdown

SEC451AI markdown: cargo http git installAI-native markdown installs Rust packages from an insecure `http://` git sourcesupply-chainhardeningmarkdown

SEC452AI markdown: cargo http indexAI-native markdown installs Rust packages from an insecure `http://` indexsupply-chainhardeningmarkdown

SEC453AI markdown: pip http sourceAI-native markdown installs Python packages from an insecure direct `http://` sourcesupply-chainhardeningmarkdown

SEC454AI markdown: npm http sourceAI-native markdown installs JavaScript packages from an insecure direct `http://` sourcesupply-chainhardeningmarkdown

SEC455AI markdown: pip http git installAI-native markdown installs Python packages from an insecure `git+http://` sourcesupply-chainhardeningmarkdown

SEC456AI markdown: pip http find-linksAI-native markdown installs Python packages with insecure `http://` find-linkssupply-chainhardeningmarkdown

SEC457AI markdown: js package strict-ssl falseAI-native markdown disables strict SSL verification for JavaScript package manager configsupply-chainhardeningmarkdown

SEC458AI markdown: pip config http indexAI-native markdown configures Python package resolution with an insecure `http://` package indexsupply-chainhardeningmarkdown

SEC459AI markdown: js package config http registryAI-native markdown configures a JavaScript package manager with an insecure `http://` registrysupply-chainhardeningmarkdown

SEC460AI markdown: pip config http find-linksAI-native markdown configures Python package discovery with insecure `http://` find-linkssupply-chainhardeningmarkdown

SEC461AI markdown: pip config trusted-hostAI-native markdown configures Python package resolution with `trusted-host`supply-chainhardeningmarkdown

SEC462AI markdown: network TLS bypassAI-native markdown disables TLS verification for a network-capable commandsupply-chainhardeningmarkdown

SEC464AI markdown: git http cloneAI-native markdown clones a Git repository from an insecure `http://` sourcesupply-chainhardeningmarkdown

SEC465AI markdown: git http remoteAI-native markdown configures a Git remote with an insecure `http://` sourcesupply-chainhardeningmarkdown

SEC471AI markdown: git sslVerify falseAI-native markdown disables Git TLS verification with `http.sslVerify false`supply-chainhardeningmarkdown

SEC472AI markdown: GIT_SSL_NO_VERIFYAI-native markdown disables Git TLS verification with `GIT_SSL_NO_VERIFY`supply-chainhardeningmarkdown

SEC473AI markdown: git inline sslVerify falseAI-native markdown disables Git TLS verification with `git -c http.sslVerify=false`supply-chainhardeningmarkdown

SEC743package.json: dangerous lifecycle scriptpackage.json defines a dangerous install-time lifecycle scriptsupply-chainsecurityjson

SEC744package.json: git or forge dependency sourcepackage.json installs a dependency from a git or forge shortcut sourcesupply-chainhardeningjson

SEC745package.json: unbounded dependency versionpackage.json uses an unbounded dependency version like * or latestsupply-chainhardeningjson

SEC746Dockerfile: remote script execution in RUNDockerfile RUN downloads remote code and executes itsupply-chainsecuritydockerfile

SEC747Dockerfile: final stage runs as rootDockerfile final stage explicitly runs as rootsupply-chainhardeningdockerfile

SEC749Dockerfile: mutable registry image in FROMDockerfile FROM uses a mutable registry image without a digest pinsupply-chainhardeningdockerfile

SEC750Docker Compose: mutable service imageDocker Compose service image uses a mutable registry reference without a digest pinsupply-chainhardeningdocker-compose

SEC751Dockerfile: latest or implicit-latest base image tagDockerfile FROM uses a latest or implicit-latest image tagsupply-chainhardeningdockerfile

SEC752Docker Compose: latest or implicit-latest service image tagDocker Compose service image uses a latest or implicit-latest tagsupply-chainhardeningdocker-compose

SEC753package.json: direct archive URL dependency sourcepackage.json installs a dependency from a direct archive URL sourcesupply-chainhardeningjson

What This Preset Enables

The supply-chain preset enables sidecar hardening rules around workflow and release-chain surfaces such as GitHub Actions.

When To Use It

Use it when you want broader repository hardening beyond the core agent-artifact surfaces.

Tradeoffs

This lane is useful, but intentionally separate from the quiet recommended default so most teams can start with a calmer first pass.

supply-chain

Covered Rules

What This Preset Enables ​

When To Use It ​

Tradeoffs ​

What This Preset Enables

When To Use It

Tradeoffs