supply-chain-forensics
Community
Secure your software supply chain.
Author: robit-man
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill addresses the critical issue of software supply chain attacks by systematically verifying the integrity of dependencies, build pipelines, and software artifacts, ensuring the trustworthiness of your software.
Core Features & Use Cases
- Dependency Integrity: Verifies package hashes against registries to detect typosquatting or substitution.
- Build Pipeline Forensics: Scans CI/CD scripts for malicious patterns and unauthorized changes.
- SBOM Analysis: Generates and analyzes Software Bill of Materials (SBOM) for component vulnerabilities and licensing issues.
- SLSA Compliance: Assesses and reports on adherence to Supply-chain Levels for Software Artifacts (SLSA).
- Use Case: A security engineer can use this skill to audit a new open-source library before integrating it into a production system, ensuring it hasn't been compromised.
Quick Start
Run a comprehensive supply-chain forensics audit on the current project directory.
Dependency Matrix
Required Modules: None required
Components: scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: supply-chain-forensics
Download link: https://github.com/robit-man/transcribe-cli/archive/main.zip#supply-chain-forensics
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.