manage-supply-chain

Official

Automate SBOMs, signing, and attestation.

Author: harness
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Automate Harness Software Supply Chain Assurance (SSCA) configuration to generate SBOMs, sign artifacts with Cosign, enforce supply chain policies via OPA, and track SLSA provenance across CI/CD pipelines.

Core Features & Use Cases

  • SBOM generation in CycloneDX or SPDX formats with attestation
  • Artifact signing using Cosign and provenance tracking
  • OPA-based supply chain policy enforcement and SLSA level compliance
  • Guidance for SBOM storage, dashboards, and risk analysis across services

Quick Start

Configure SBOM generation and artifact signing for a service using MCP.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: manage-supply-chain
Download link: https://github.com/harness/harness-skills/archive/main.zip#manage-supply-chain

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.