cutmob/1sec-gitlab-hackathon

1-SEC Agent — AI Security Co-Pilot for GitLab

One agent. Full-spectrum security. 5 slash commands. Automated MR scanning. Zero config.

What is 1-SEC Agent?

1-SEC Agent is a custom GitLab Duo agent + automated security scanning flow that brings full-spectrum cybersecurity directly into the developer workflow. Instead of context-switching to separate security tools, developers get instant security reviews, AI agent hardening, pipeline audits, compliance reports, and threat models — all from GitLab Duo Chat or triggered automatically on merge requests.

The agent's security knowledge is distilled from 1-SEC, an open-source cybersecurity platform with 16 defense modules, 65+ prompt injection patterns, 60+ injection detection rules, and full OWASP Agentic AI Top 10 coverage.

Features

Custom Agent — 5 Slash Commands

  • /security-review: Scan code for 60+ vulnerability patterns (SQLi, XSS, SSRF, CMDi, RCE, path traversal, deserialization, credential exposure) with severity-ranked, copy-paste fixes
  • /agent-hardening: Assess AI agents against the full OWASP Agentic AI Top 10 — prompt injection (65+ patterns), tool misuse, MCP poisoning, memory poisoning, rogue agent detection
  • /pipeline-security: Audit .gitlab-ci.yml, Dockerfiles, Kubernetes manifests, Helm charts, and dependency files for supply chain attacks, secret exposure, and container misconfigs
  • /compliance-report: Generate compliance assessments against OWASP Top 10, OWASP Agentic AI Top 10, CIS Benchmarks, SOC 2, and NIST CSF with pass/partial/fail scoring
  • /threat-model: STRIDE threat analysis with agentic threat extensions — trust boundaries, entry points, risk scoring, and mitigations mapped to 1-SEC modules

Automated Flow — MR Security Scanning

The 1-SEC Security Scan Flow triggers automatically when:

  • A developer is mentioned in an MR comment requesting a security review
  • The 1-SEC service account is assigned as MR reviewer
  • A pipeline event completes on a security-sensitive branch

The flow uses a two-agent architecture:

  1. Security Scanner Agent — Analyzes the MR diff against 1-SEC's full detection pattern library
  2. Report Generator Agent — Formats findings as a structured MR comment with severity badges, code snippets, fixes, and 1-SEC module references
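As an added illustration of the scanner/report-generator split described above (example code, not part of this repository or the 1-SEC engine): a small Python stand-in that runs a handful of constructed detection rules over only the added lines of an MR diff and renders the findings as a severity-ranked Markdown comment. The rule ids, regexes, fix text and the sample diff are all constructed for the example, not 1-SEC's real pattern library.

```python
import re
# Constructed subset of detection rules (id, severity, regex, fix); 1-SEC ships 60+.
RULES = [
    ("CMDi-001", "CRITICAL", re.compile(r"os\.system\(\s*f?['\"].*\{"),
     "Use subprocess.run([...]) with an argv list, never a shell string"),
    ("SQLi-001", "HIGH", re.compile(r"execute\(\s*(f['\"]|['\"].*%\s|.*\+\s)"),
     "Use a parameterised query: cursor.execute(sql, (value,))"),
    ("DESER-001", "HIGH", re.compile(r"pickle\.loads?\("),
     "Never unpickle untrusted data; use json with schema validation"),
    ("CRED-001", "HIGH", re.compile(r"(?i)(password|api_key|secret)\s*=\s*['\"][^'\"]+['\"]"),
     "Load secrets from the environment or a vault and rotate the exposed value"),
]
SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}

def scan_diff(diff: str) -> list[dict]:
    """Scanner stand-in: run every rule over the added (+) lines of a unified diff."""
    findings = []
    for lineno, line in enumerate(diff.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue  # only newly added code is in scope, not context or file headers
        for rule_id, severity, pattern, fix in RULES:
            if pattern.search(line[1:]):
                findings.append({"id": rule_id, "severity": severity, "line": lineno,
                                 "code": line[1:].strip(), "fix": fix})
    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])  # stable sort: worst first
    return findings

def render_report(findings: list[dict]) -> str:
    """Report-generator stand-in: format findings as a Markdown MR comment."""
    if not findings:
        return "## 1-SEC Security Scan\n\nNo findings in added lines."
    out = [f"## 1-SEC Security Scan: {len(findings)} finding(s)", ""]
    for f in findings:
        out += [f"- **[{f['severity']}]** `{f['id']}` (diff line {f['line']}): `{f['code']}`",
                f"  Fix: {f['fix']}"]
    return "\n".join(out)

# Constructed MR diff with four deliberately weak added lines.
SAMPLE_DIFF = """\
--- a/api.py
+++ b/api.py
@@ -1,2 +1,7 @@
 import os
+import pickle
+API_KEY = "sk-constructed-example"
+def run(cmd, cursor, payload):
+    os.system(f"ls {cmd}")
+    cursor.execute("SELECT * FROM users WHERE id = " + cmd)
+    return pickle.loads(payload)
"""
```

Running `print(render_report(scan_diff(SAMPLE_DIFF)))` yields the comment with the CRITICAL command-injection finding first, followed by the three HIGH findings in diff order.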

Project-Level Security — AGENTS.md

The included AGENTS.md file configures project-wide security guidelines for all GitLab Duo interactions, ensuring every AI agent in the project follows security best practices.

Architecture

┌─────────────────────────────────────────────────────────┐
│                    Developer Workflow                     │
├──────────────┬──────────────────┬───────────────────────┤
│  Duo Chat    │  Merge Request   │  Pipeline Event       │
│  (5 skills)  │  (assign/mention)│  (succeeded/failed)   │
└──────┬───────┴────────┬─────────┴──────────┬────────────┘
       │                │                    │
       ▼                ▼                    ▼
┌──────────────┐ ┌──────────────────────────────────────┐
│  1-SEC Agent │ │  1-SEC Security Scan Flow            │
│  (Custom     │ │  ┌──────────────┐ ┌───────────────┐  │
│   Agent)     │ │  │  Scanner     │→│  Report       │  │
│              │ │  │  Agent       │ │  Generator    │  │
│  5 Skills:   │ │  └──────────────┘ └───────┬───────┘  │
│  • review    │ │                           │          │
│  • harden    │ │                           ▼          │
│  • pipeline  │ │              MR Comment with         │
│  • compliance│ │              security findings       │
│  • threat    │ └──────────────────────────────────────┘
└──────────────┘
       │
       ▼
┌──────────────────────────────────────────────────────────┐
│  1-SEC Knowledge Base (from open-source engine)          │
│  ├── 65+ prompt injection detection patterns             │
│  ├── 60+ injection rules (SQLi, XSS, SSRF, CMDi, etc.)   │
│  ├── OWASP Agentic AI Top 10 containment rules           │
│  ├── Supply chain: typosquatting, dep confusion, SBOM    │
│  ├── Container/K8s: CIS benchmarks, RBAC, pod security   │
│  └── Auth: brute force, MFA fatigue, AitM, passkeys      │
└──────────────────────────────────────────────────────────┘
       │
       ▼ (for runtime protection)
┌──────────────────────────────────────────────────────────┐
│  1-SEC Engine — github.com/cutmob/1-SEC                  │
│  16 modules • single binary • zero config • Go + Rust    │
└──────────────────────────────────────────────────────────┘

Project Structure

.
├── AGENTS.md                          # Project-level Duo security guidelines
├── SYSTEM_PROMPT.md                   # Agent system prompt (paste into Duo UI)
├── .gitlab/
│   └── duo/
│       └── agent-config.yml           # Flow execution environment config
├── flows/
│   └── security-scan-flow.yml         # Automated MR security scanning flow
├── skills/
│   ├── security-review/
│   │   └── SKILL.md                   # /security-review slash command
│   ├── agent-hardening/
│   │   └── SKILL.md                   # /agent-hardening slash command
│   ├── pipeline-security/
│   │   └── SKILL.md                   # /pipeline-security slash command
│   ├── compliance-report/
│   │   └── SKILL.md                   # /compliance-report slash command
│   └── threat-model/
│       └── SKILL.md                   # /threat-model slash command
├── demo-samples/
│   ├── vulnerable-api.py              # 11 vulnerabilities for /security-review demo
│   ├── vulnerable-agent.py            # 10 OWASP ASI issues for /agent-hardening demo
│   ├── vulnerable-pipeline.yml        # 12 CI/CD issues for /pipeline-security demo
│   ├── vulnerable-dockerfile          # 10 container misconfigs
│   └── vulnerable-k8s.yaml            # 8 Kubernetes security issues
└── DEVPOST_SUBMISSION.md              # Hackathon submission writeup + video script

Setup Instructions

1. Create the Custom Agent

  1. In your GitLab project, go to Automate > Agents > New agent
  2. Display name: 1-SEC Agent
  3. Description: AI security co-pilot powered by 16 open-source defense modules. 5 slash commands: /security-review, /agent-hardening, /pipeline-security, /compliance-report, /threat-model. Automated MR security scanning flow.
  4. Visibility: Public
  5. System prompt: Copy contents of SYSTEM_PROMPT.md
  6. Available tools: Select get_repository_file, list_repository_tree, blob_search, find_files, create_issue_note, create_issue, create_merge_request

2. Add Project Files

Copy to your project root:

  • AGENTS.md
  • skills/ (all 5 skill directories)
  • .gitlab/duo/agent-config.yml

3. Create the Flow

  1. Go to Automate > Flows > New flow
  2. Use the YAML from flows/security-scan-flow.yml
  3. Enable triggers: Mention, Assign reviewer
  4. Set up the service account

4. Test

  1. Open GitLab Duo Chat → Select "1-SEC Agent"
  2. Try /security-review with code from demo-samples/vulnerable-api.py
  3. Try /agent-hardening with code from demo-samples/vulnerable-agent.py
  4. Create an MR with vulnerable code → assign 1-SEC as reviewer → watch the automated scan

Powered By

1-SEC — Open-source (AGPLv3) all-in-one cybersecurity platform. 16 modules, single binary, zero config. Go + Rust. The runtime defense complement to this agent's design-time guidance.

License

AGPL-3.0 — Same license as 1-SEC.

Team

  • GodBody (cutmob) — Creator of 1-SEC

About

1-SEC Agent — AI Security Co-Pilot for GitLab. Custom Duo agent + automated MR scanning flow. 5 slash commands, OWASP Agentic AI Top 10 coverage. GitLab AI Hackathon 2026.
