supply-chain-security-agent
Community
Secure your software supply chain end-to-end.
Author: asalhamed
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Coordinates and enforces end-to-end supply-chain security for software and firmware by producing SBOMs, signing artifacts, and recording provenance, enabling auditable releases for enterprise customers.
Core Features & Use Cases
- SBOM generation (CycloneDX, SPDX) for containers, language packages, and firmware
- Artifact signing (Sigstore / cosign) and provenance (in-toto / SLSA) for release integrity
- Deterministic, reproducible builds with dependency vetting and tamper-evident release evidence
- Use case: generate auditable release packages and accompanying provenance attestations for regulatory compliance
Quick Start
Configure the agent to generate an SBOM, sign the release, and attach provenance attestations to the first artifact.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: supply-chain-security-agent
Download link: https://github.com/asalhamed/dev-agents/archive/main.zip#supply-chain-security-agent
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.