Headless Cloud Security - 0.1.0 May 06, 2026

Sysdig Headless Cloud Security (Public Beta)

Sysdig Headless Cloud Security packages Sysdig cloud security workflows as reusable agent skills that run inside AI coding agents such as Claude Code. The integration enables users to onboard environments, investigate vulnerabilities and runtime threats, remediate risks, and manage posture workflows without leaving their AI environment.

Headless Cloud Security - Install in Claude Code

/plugin marketplace add sysdig/skills
/plugin install headless-cloud-security@sysdig-skills

New Skills

`sysdig-onboarding`

Added the sysdig-onboarding skill for onboarding cloud accounts and Kubernetes clusters into Sysdig Secure.

The skill can:

Guide you through onboarding interactively or through an autonomous workflow
Generate Terraform configurations for cloud account onboarding
Generate Helm values for Kubernetes onboarding
Validate prerequisites
Deploy onboarding configurations
Verify connectivity after deployment

`sysdig-investigate`

Added the sysdig-investigate skill for identifying and prioritizing vulnerable container images in Sysdig-monitored environments.

The skill can:

Rank vulnerable images using configurable risk metrics
Generate remediation plans
Create tracking tickets in Jira, Linear, or GitHub Projects
Recommend assignees using Sysdig risk and exposure signals
Hand off remediation workflows to sysdig-remediate

`sysdig-remediate`

Added the sysdig-remediate skill for remediating vulnerable container images.

The skill can:

Retrieve Critical and High CVEs from Sysdig
Identify safe fix versions through dependency chain analysis
Generate minimal remediation patches
Open pull requests or merge requests in GitHub or GitLab
Generate .patch files for local repositories
Persist image-to-repository mappings and reviewer history across sessions

`sysdig-posture`

Added the sysdig-posture skill for authoring Sysdig Secure Posture custom controls and policies.

The skill supports:

Rego-based custom control authoring
Custom policy creation
Terraform generation using the Sysdig Terraform provider
Rego validation
Policy and control discovery workflows

API access is read-only. All configuration changes are managed through Terraform.

`sysdig-runtime-investigate`

Added the sysdig-runtime-investigate skill for investigating runtime threats detected by Sysdig.

The skill can:

Identify the highest-priority runtime threat
Enumerate affected container images
Correlate runtime activity with vulnerabilities
Analyze network blast radius
Perform VirusTotal lookups for suspicious binaries
Escalate investigations to Jira or PagerDuty workflows

Known Issues

The sysdig-onboarding skill is currently optimized for AWS environments. Expanded Azure and GCP support is planned for upcoming releases.
Claude Code is the primary supported AI coding agent, and the skills are optimized for its capabilities.
Other MCP-compatible agents, including Cursor, OpenAI Codex, and OpenCode, can use the skills through the npx skills CLI command, but are not officially supported at this time.