supply-chain-investigation

Community

Conduct thorough supply-chain security audits with precision.

Authordamianpapadopoulos
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill streamlines the process of investigating potential supply-chain attacks on software packages, providing a comprehensive audit and helping to identify compromised versions and related risks.

Core Features & Use Cases

  • Attack Detection: Identifies potential supply-chain attacks based on trigger patterns and advisory-driven audits.
  • Ecosystem-specific Analysis: Supports npm, Maven, PyPI, Go, and Gradle ecosystems with tailored analysis for each.
  • Workflow Automation: Orchestrates a workflow for parsing advisories, scanning the organization's repositories, and classifying the severity of the threat.
  • CI Log Analysis: Forensically examines CI logs to detect malicious activities after a known compromise timestamp.
  • Verdict Generation: Provides a detailed verdict for each repository, summarizing the findings and risks.

Quick Start

To investigate a potential supply-chain attack, use the skill with the following command: 'supply-chain-investigation -a "GHSA-XXXX"'

Dependency Matrix

Required Modules

None required

Components

scriptsreferences

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: supply-chain-investigation
Download link: https://github.com/damianpapadopoulos/auto-claude-skills/archive/main.zip#supply-chain-investigation

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.