Software Supply Chain Security Validator
Community
Secure and verify your software supply chains.
Software Engineering
Tags: #provenance #slsa #supply-chain-security #sbom #cosign #vulnerability-scanning #cyclonedx
Author: williamzujkowski
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Software supply chains often suffer from opaque provenance, unverified dependencies, and insecure artifacts. This Skill provides end-to-end validation by generating SBOMs, scanning dependencies for known vulnerabilities, and validating SLSA provenance and attestations to reduce risk.
Core Features & Use Cases
- Generate SPDX and CycloneDX SBOMs for container images, binaries, and source packages.
- Validate dependency provenance and build attestations against EO 14028 requirements.
- Produce risk scores and actionable remediation guidance for procurement and deployment.
Quick Start
Run the validator on a sample artifact to generate an SBOM, provenance report, and risk assessment.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below into Claude Code.
Please help me install this Skill: Name: Software Supply Chain Security Validator Download link: https://github.com/williamzujkowski/cognitive-toolworks/archive/main.zip#software-supply-chain-security-validator Please download this .zip file, extract it, and install it in the .claude/skills/ directory.