supply-chain-investigation
CommunityConduct thorough supply-chain security audits with precision.
Software Engineering#vulnerability analysis#malware detection#supply-chain security#CI log analysis#ecosystem support
Authordamianpapadopoulos
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill streamlines the process of investigating potential supply-chain attacks on software packages, providing a comprehensive audit and helping to identify compromised versions and related risks.
Core Features & Use Cases
- Attack Detection: Identifies potential supply-chain attacks based on trigger patterns and advisory-driven audits.
- Ecosystem-specific Analysis: Supports npm, Maven, PyPI, Go, and Gradle ecosystems with tailored analysis for each.
- Workflow Automation: Orchestrates a workflow for parsing advisories, scanning the organization's repositories, and classifying the severity of the threat.
- CI Log Analysis: Forensically examines CI logs to detect malicious activities after a known compromise timestamp.
- Verdict Generation: Provides a detailed verdict for each repository, summarizing the findings and risks.
Quick Start
To investigate a potential supply-chain attack, use the skill with the following command: 'supply-chain-investigation -a "GHSA-XXXX"'
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: supply-chain-investigation Download link: https://github.com/damianpapadopoulos/auto-claude-skills/archive/main.zip#supply-chain-investigation Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.