Skills
.Work. You
Rest

sbom-slsa

Community

Ship with verifiable SBOMs and SLSA provenance.

Software Engineering#security#release#provenance#slsa#sbom#cyclonedx#build-management
Authorbrucebanner010198-commits
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Produce Software Bill of Materials (CycloneDX) + SLSA provenance attestations for every shipped artifact. Runs at close-phase on any project that emits code; on any release candidate before publish. Pairs with ip-lineage (lineage = origin, sbom-slsa = composition + provenance). Owned by sbom-slsa specialist on the Security Council.

Core Features & Use Cases

  • Enumerate dependencies and generate CycloneDX SBOMs for each artifact.
  • Generate SLSA provenance attestations and sign them to ensure verifiability.
  • Verify SBOM and provenance integrity and attach artifacts to releases.
  • ADR logging: record provenance generation events for audits.

Quick Start

Run the sbom-slsa process during close-phase builds to generate CycloneDX SBOM files and SLSA provenance and attach them to the release.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: sbom-slsa
Download link: https://github.com/brucebanner010198-commits/DevSecOps-Agency/archive/main.zip#sbom-slsa

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.