analyzing-sbom-for-supply-chain-vulnerabilities
Category: Community
Identify and prioritize SBOM risks in software.
Author: Axxxxxxaaann
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
SBOMs are a critical source of truth for software supply-chain risk; this skill automates the extraction, correlation, and reporting of known vulnerabilities across components and their dependencies to help security teams prioritize remediation.
Core Features & Use Cases
- Parse CycloneDX and SPDX SBOMs to extract components and their dependencies.
- Correlate components with NVD CVEs (via NVD 2.0) to compute risk scores and classify risk levels.
- Build dependency graphs to identify transitive vulnerabilities and blast radius.
- Generate comprehensive compliance reports, including vulnerability summaries, graph metrics, and license checks.
- Optional cross-validation with Grype and offline analysis for broader coverage and resilience.
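The features above describe one pipeline: parse the SBOM's component and dependency lists, attach vulnerability findings to components, then walk the dependency graph backwards to see which components inherit the exposure. The following is an added example written for this page, not code from the skill itself. It parses a constructed CycloneDX JSON SBOM, attaches constructed findings (the CVE ids are placeholders, not real NVD records; the skill itself would query NVD 2.0 or Grype), computes each vulnerable component's blast radius and its depth below the top-level component, and orders the results for remediation. It uses a plain BFS from the standard library rather than networkx so it runs with no third-party packages.

```python
"""Added example: blast-radius analysis over a CycloneDX SBOM.
Not the skill's own code; SBOM and findings below are constructed sample data."""
import json
from collections import defaultdict, deque

# Constructed sample SBOM: a service depends on a web framework, which in turn
# depends on a logging library and a serialization library.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"bom-ref": "pkg:pypi/example-service@1.0.0", "name": "example-service", "version": "1.0.0"},
        {"bom-ref": "pkg:pypi/webfw@2.3.0", "name": "webfw", "version": "2.3.0"},
        {"bom-ref": "pkg:pypi/logkit@0.9.1", "name": "logkit", "version": "0.9.1"},
        {"bom-ref": "pkg:pypi/serde-py@4.0.0", "name": "serde-py", "version": "4.0.0"},
    ],
    "dependencies": [
        {"ref": "pkg:pypi/example-service@1.0.0", "dependsOn": ["pkg:pypi/webfw@2.3.0"]},
        {"ref": "pkg:pypi/webfw@2.3.0", "dependsOn": ["pkg:pypi/logkit@0.9.1", "pkg:pypi/serde-py@4.0.0"]},
        {"ref": "pkg:pypi/logkit@0.9.1", "dependsOn": []},
        {"ref": "pkg:pypi/serde-py@4.0.0", "dependsOn": []},
    ],
})

# Constructed findings keyed by bom-ref. CVE ids are placeholders; a real run
# would populate this from the NVD 2.0 API or a Grype scan.
SAMPLE_FINDINGS = {
    "pkg:pypi/logkit@0.9.1": [{"id": "CVE-0000-PLACEHOLDER-1", "cvss": 9.8}],
    "pkg:pypi/serde-py@4.0.0": [{"id": "CVE-0000-PLACEHOLDER-2", "cvss": 5.3}],
}


def build_graph(sbom_json):
    """Parse components[] and dependencies[]; return (components, forward, reverse).
    forward[a] = refs that a depends on; reverse[b] = refs that depend on b."""
    sbom = json.loads(sbom_json)
    components = {c["bom-ref"]: c for c in sbom.get("components", [])}
    forward, reverse = defaultdict(set), defaultdict(set)
    for dep in sbom.get("dependencies", []):
        ref = dep["ref"]
        forward.setdefault(ref, set())
        for child in dep.get("dependsOn", []):
            forward[ref].add(child)
            reverse[child].add(ref)
    # Refs that appear only in dependsOn still get a node so nothing is lost.
    for child in list(reverse):
        forward.setdefault(child, set())
    return components, forward, reverse


def reach(adj, start):
    """BFS distances from start over an adjacency map (cycle-safe). Excludes start."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    dist.pop(start)
    return dist


def classify(cvss):
    """CVSS v3 qualitative severity bands."""
    if cvss >= 9.0:
        return "CRITICAL"
    if cvss >= 7.0:
        return "HIGH"
    if cvss >= 4.0:
        return "MEDIUM"
    return "LOW" if cvss > 0.0 else "NONE"


def analyze(sbom_json, findings):
    """Attach findings to graph nodes and rank them by severity, then blast radius."""
    components, forward, reverse = build_graph(sbom_json)
    roots = [ref for ref in forward if not reverse.get(ref)]  # top-level components
    report = []
    for ref, vulns in findings.items():
        if ref not in forward:
            continue  # finding refers to a component not in this SBOM
        dependants = reach(reverse, ref)  # everything that transitively pulls ref in
        root_dists = [dependants[r] for r in roots if r in dependants]
        worst = max(v["cvss"] for v in vulns)
        report.append({
            "ref": ref,
            "name": components.get(ref, {}).get("name", "<unknown>"),
            "max_cvss": worst,
            "severity": classify(worst),
            "depth": min(root_dists) if root_dists else None,  # hops below the top level
            "transitive": ref not in {c for r in roots for c in forward[r]},
            "affected": sorted(dependants),
            "blast_radius": len(dependants),
        })
    report.sort(key=lambda r: (r["max_cvss"], r["blast_radius"]), reverse=True)
    return report


if __name__ == "__main__":
    for row in analyze(SAMPLE_SBOM, SAMPLE_FINDINGS):
        print(f'{row["severity"]:8} {row["name"]:10} depth={row["depth"]} '
              f'transitive={row["transitive"]} blast_radius={row["blast_radius"]}')
```

The reverse adjacency map is what makes the blast-radius question cheap: a BFS from the vulnerable component over "who depends on me" edges yields every component that inherits the exposure, and the distance to a top-level component tells you how deep the transitive dependency sits, which is usually what decides whether a fix is a one-line version bump or an upstream request.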
Quick Start
Run the agent script on your SBOM file to generate a full vulnerability analysis report.
Dependency Matrix
Required Modules
requests, networkx, packaging
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: analyzing-sbom-for-supply-chain-vulnerabilities Download link: https://github.com/Axxxxxxaaann/KAIRI-Skills/archive/main.zip#analyzing-sbom-for-supply-chain-vulnerabilities Please download this .zip file, extract it, and install it in the .claude/skills/ directory.