supply-chain-review
Official
Triage Rust dependency risks before they ship
Category: Legal & Compliance
Tags: rust, dependency audit, supply chain, license compliance, cargo audit, cargo deny, MSRV
Author: Pandaala
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Supply-chain reviews prevent insecure or incompatible Rust dependencies from entering Edgion by standardizing how to audit lockfile changes, new crates, MSRV impacts, and license risk.
Core Features & Use Cases
- Actionable threat-model triage: Evaluates malicious-upstream risk, transitive vulnerabilities, abandoned or maintenance-mode crates, MSRV drift, and license concerns.
- Repeatable tooling workflow: Defines when to run cargo audit and cargo deny, plus when to do a manual lockfile diff.
- Clear decision rules: Establishes severity-based merge/deferral behavior (block on high/critical findings, document medium/low outcomes, re-evaluate on defined triggers) and specifies acceptance criteria for maintenance-mode crates via a dedicated rule file.
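An added example (not code from the Edgion repository or from this skill) of the tooling workflow, manual lockfile diff and severity rule described above, as a POSIX shell script: it extracts the packages from two Cargo.lock files, reports added, removed and source-changed crates, maps a finding's severity to the block/document rule, and shows the cargo audit, cargo deny and MSRV check invocations a reviewer would run. The function names, the sample lockfiles and the fork URL are assumptions made for this example.

```shell
#!/bin/sh
# Added example for the supply-chain-review workflow; not the Edgion skill's
# own code. Function names (lock_packages, lock_diff, severity_decision,
# run_tooling) and the sample lockfiles are assumptions for this example.
# Needs only POSIX sh + awk; the cargo tools run only when cargo is present.
set -eu

# Print "name version source" for each [[package]] entry in a Cargo.lock.
# The workspace's own path crates have no source line; they print "-".
lock_packages() {
  awk '
    /^\[\[package\]\]/ { if (name != "") print name, ver, src; name = ""; ver = ""; src = "-" }
    /^name = /    { gsub(/"/, "", $3); name = $3 }
    /^version = / { gsub(/"/, "", $3); ver = $3 }
    /^source = /  { gsub(/"/, "", $3); src = $3 }
    END { if (name != "") print name, ver, src }
  ' "$1" | sort
}

# Manual lockfile diff keyed on name@version (a crate may be present at two
# versions at once, so keying on name alone would misreport). A version bump
# shows as removed + added; the same name@version now coming from a different
# source (registry replaced by a git/path fork) is flagged on its own line,
# since that is the classic malicious-upstream pattern to inspect first.
lock_diff() {
  old=$(mktemp) && new=$(mktemp)
  lock_packages "$1" > "$old"
  lock_packages "$2" > "$new"
  awk '
    FILENAME == ARGV[1] { old[$1 "@" $2] = $3; next }
    { new[$1 "@" $2] = $3 }
    END {
      for (k in new) if (!(k in old)) print "added", k, "-", new[k]
      for (k in old) if (!(k in new)) print "removed", k, old[k], "-"
      for (k in new) if ((k in old) && old[k] != new[k]) print "source-changed", k, old[k], new[k]
    }
  ' "$old" "$new" | sort
  rm -f "$old" "$new"
}

# Severity rule from the skill: block on high/critical, document medium/low.
# Anything unrecognised fails closed (block). Prints the decision; exit
# status 1 means "do not merge".
severity_decision() {
  case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
    critical|high) echo block; return 1 ;;
    medium|low|informational|none) echo document; return 0 ;;
    *) echo "unknown severity: $1" >&2; echo block; return 1 ;;
  esac
}

# Tooling pass. cargo audit checks Cargo.lock against RustSec; --deny warnings
# also fails on unmaintained/yanked crates. cargo deny applies the repo's
# deny.toml (advisories, license allowlist, bans, registry/git sources).
# Building with the pinned MSRV toolchain (installed via rustup) under --locked
# catches a dependency whose rust-version now exceeds ours.
run_tooling() {
  msrv=$1
  cargo audit --deny warnings
  cargo deny check advisories licenses bans sources
  cargo +"$msrv" check --locked --all-targets
}

# Constructed sample lockfiles (not real project data; checksums omitted).
sample_lock_old() {
  cat <<'EOF'
version = 3

[[package]]
name = "edgion"
version = "0.1.0"
dependencies = [
 "serde",
]

[[package]]
name = "serde"
version = "1.0.195"
source = "registry+https://github.com/rust-lang/crates.io-index"
EOF
}

sample_lock_new() {
  cat <<'EOF'
version = 3

[[package]]
name = "edgion"
version = "0.1.0"
dependencies = [
 "serde",
 "tokio",
]

[[package]]
name = "serde"
version = "1.0.195"
source = "git+https://git.example.com/fork/serde?branch=main#0123456"

[[package]]
name = "tokio"
version = "1.35.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
EOF
}

# Diff the two constructed lockfiles; returns the lock_diff report.
demo_lock_diff() {
  a=$(mktemp) && b=$(mktemp)
  sample_lock_old > "$a"
  sample_lock_new > "$b"
  lock_diff "$a" "$b"
  rm -f "$a" "$b"
}

# Usage: review.sh old/Cargo.lock new/Cargo.lock MSRV   (no args: run the demo)
if [ $# -ge 2 ]; then
  lock_diff "$1" "$2"
  if command -v cargo >/dev/null 2>&1; then run_tooling "${3:?msrv toolchain, e.g. 1.75.0}"; fi
else
  demo_lock_diff
fi
```

On the constructed input the report is one added line (tokio@1.35.1 from the registry) and one source-changed line (serde@1.0.195 moved from the registry to a git fork); the second is the line a reviewer opens first. The license allowlist and the advisory, ban and source policy that cargo deny enforces live in the repository's deny.toml, which the script assumes already exists; the script only decides what to run and how to read the lockfile delta.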
Quick Start
Use the supply-chain-review skill when reviewing a PR that modifies Cargo.lock, adds new crates, updates MSRV-related metadata, or introduces a dependency licensing concern so you can document the decision using the triage rules in this directory.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: supply-chain-review Download link: https://github.com/Pandaala/Edgion/archive/main.zip#supply-chain-review Please download this .zip file, extract it, and install it in the .claude/skills/ directory.