security-platform-supply-chain
CommunitySecure and manage your software supply chain with comprehensive reviews and controls.
Software Engineering#dependency analysis#SCA#SBOM#software supply chain#artifact signing#cloud posture
AuthorSensLiao
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill addresses the complexities of software supply chain security, providing deep analysis, artifact signing, and cloud posture management.
Core Features & Use Cases
- SBOM Generation: Create detailed Software Bill of Materials for all components.
- Deep SCA: Perform in-depth Software Composition Analysis for transitive vulnerabilities and integrity checks.
- Provenance & Signing: Ensure artifact provenance and signing with SLSA, in-toto, and cosign tools.
- Container Image Supply Chain: Verify container images for supply chain integrity and signature.
- Malicious-Package Defense: Protect against dependency confusion, typosquatting, and malicious packages.
- Build-Pipeline Integrity: Ensure the integrity of the build pipeline and CI workflows.
- Cloud Posture (CSPM): Manage cloud configurations and posture with Prowler.
Quick Start
Use the security-platform-supply-chain skill to scan your software dependencies and generate a SBOM.
Dependency Matrix
Required Modules
syftcdxgencosignin-totoprowlerosv-scannertrivygrypejoern
Components
scriptsreferencesassets
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: security-platform-supply-chain Download link: https://github.com/SensLiao/Claude-code-setting/archive/main.zip#security-platform-supply-chain Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.