supply-chain-hardening
Community
Rigorous audits to harden software supply chains.
Category: Software Engineering
Tags: #supply-chain #security-audit #sbom #lockfile #dependency-security #ci-pipeline #container-provenance
Author: Sokoliem
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Software supply chains are a frequent attack surface. This skill enforces and automates hardening across lockfiles, install scripts, CI publishing pipelines, SBOM generation, container image provenance, and registry trust, reducing third-party risk and ensuring that the artifacts you build and ship are the ones you intended.
Core Features & Use Cases
- Lockfile hygiene: require committed lockfiles with integrity hashes for every dependency and install from them in CI so builds are reproducible.
- Install-script review: detect transitive dependencies that run preinstall/install/postinstall hooks and decide whether to allow, sandbox, or disable them.
- CI publishing governance: gate artifact publishing on properly scoped credentials and recorded provenance rather than long-lived tokens in pipeline config.
- SBOM generation & provenance: generate a software bill of materials for each build and trace every component back to where it was fetched from.
- Container image provenance: pin base images by digest rather than by mutable tag and verify them so the image cannot silently drift.
- Registry trust & policy: restrict dependency and image resolution to an allow-list of trusted registries and enforce access controls on them.
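The following Python script is an added example of the kind of check the lockfile, install-script, container-provenance and registry-trust items above describe; it is not part of this skill or its author's code. It parses an npm `package-lock.json` (lockfileVersion 2/3 layout, in which npm records `integrity`, `resolved` and `hasInstallScript` per package) and a Dockerfile, and reports dependencies without an integrity hash, dependencies resolved outside an allow-list of registries, dependencies with install hooks, and base images not pinned to a `@sha256:` digest. The sample lockfile, Dockerfile, hashes and digest are constructed placeholders, and the trusted-registry allow-list is an assumption.

```python
"""Audit a package-lock.json and a Dockerfile for common supply-chain weaknesses."""
import json
import re

# Assumption: dependencies may only be resolved from the public npm registry.
TRUSTED_REGISTRIES = ("https://registry.npmjs.org/",)


def audit_lockfile(lock_text, trusted=TRUSTED_REGISTRIES):
    """Return (package, finding) pairs for an npm lockfileVersion 2/3 document.

    Findings: 'missing-integrity' (no hash to verify the fetched tarball against),
    'untrusted-registry' (resolved outside the allow-list, including plain http),
    'install-script' (npm recorded a preinstall/install/postinstall hook).
    """
    lock = json.loads(lock_text)
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path == "" or meta.get("link"):
            continue  # root project entry or a workspace symlink; nothing is fetched
        name = path.rsplit("node_modules/", 1)[-1]  # keeps @scope/name intact
        if not meta.get("integrity"):
            findings.append((name, "missing-integrity"))
        if not meta.get("resolved", "").startswith(trusted):
            findings.append((name, "untrusted-registry"))
        if meta.get("hasInstallScript"):
            findings.append((name, "install-script"))
    return findings


FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?",
    re.IGNORECASE | re.MULTILINE,
)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def audit_dockerfile(text):
    """Return base-image references that are not pinned to an immutable digest.

    A tag such as :3.12-slim can be re-pointed by the publisher; @sha256:... cannot.
    References to earlier build stages (FROM build) are not images and are skipped.
    """
    stages = set()
    unpinned = []
    for ref, alias in FROM_RE.findall(text):
        if ref.lower() not in stages and not DIGEST_RE.search(ref):
            unpinned.append(ref)
        if alias:
            stages.add(alias.lower())
    return unpinned


# Constructed sample inputs (not real projects); hashes and digest are placeholders.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"left-pad": "^1.3.0"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-" + "A" * 86 + "==",
        },
        "node_modules/native-thing": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/native-thing/-/native-thing-2.0.0.tgz",
            "integrity": "sha512-" + "B" * 86 + "==",
            "hasInstallScript": True,
        },
        "node_modules/mystery": {
            "version": "0.1.0",
            "resolved": "http://mirror.internal.example/mystery-0.1.0.tgz",
        },
    },
})

SAMPLE_DOCKERFILE = (
    "FROM python:3.12-slim AS build\n"
    "RUN pip install --require-hashes -r requirements.txt\n"
    "FROM gcr.io/distroless/python3-debian12@sha256:" + "0123456789abcdef" * 4 + "\n"
    "COPY --from=build /app /app\n"
)

if __name__ == "__main__":
    for pkg, issue in audit_lockfile(SAMPLE_LOCK):
        print(f"lockfile: {pkg}: {issue}")
    for ref in audit_dockerfile(SAMPLE_DOCKERFILE):
        print(f"dockerfile: base image not pinned by digest: {ref}")
```

Run against the constructed samples, the script flags `mystery` twice (no integrity hash, fetched over plain http from a non-allow-listed host), flags `native-thing` for its install hook, and reports `python:3.12-slim` as the one base image that is pinned by tag rather than digest; the distroless image and the `--from=build` stage reference are accepted. The same checks run in CI against the committed lockfile, and `npm ci` (which refuses to install when the lockfile and `package.json` disagree) keeps the audited lockfile the one actually installed.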
Quick Start
Audit the current project's supply chain by reviewing lockfiles, install scripts, SBOM generation, container provenance, and registry trust.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: supply-chain-hardening Download link: https://github.com/Sokoliem/ultraprompt/archive/main.zip#supply-chain-hardening Please download this .zip file, extract it, and install it in the .claude/skills/ directory.