Skills
.Work. You
Rest

x-audit-supply-chain

Community

Supply chain security audit for dependencies

Software Engineering#security#dependencies#audit#reporting#supply-chain#sarif
Authoredercnj
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This skill helps software teams identify and quantify supply chain risks in their dependencies, guarding against compromised supply chains and brittle software.

Core Features & Use Cases

  • Maintainer risk analysis: Detect dependencies with a single maintainer and assess bus-factor risk.
  • Typosquatting detection: Flag subtly similar package names that could be misused.
  • Phantom dependencies: Identify imports in code that are not declared in manifests.
  • Dependency age analysis: Surface stale packages and outdated components.
  • EPSS scoring: Evaluate exploit probability against known CVEs.
  • SLSA assessment: Assess provenance and build integrity for strong supply chain guarantees.
  • Reports: Generate SARIF 2.1.0 and Markdown reports for teams.

Quick Start

Run the x-audit-supply-chain skill on your project to perform a full supply chain audit.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: x-audit-supply-chain
Download link: https://github.com/edercnj/ia-dev-environment/archive/main.zip#x-audit-supply-chain

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.