Skills
.Work. You
Rest

sbom-supply-chain

Community

Secure your software supply chain.

Software Engineering#provenance#supply chain security#slsa#sbom#cosign#artifact signing
AuthorBagelHole
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill addresses the critical need for trust and transparency in the software supply chain by enabling the generation, signing, and verification of Software Bill of Materials (SBOMs) and provenance attestations.

Core Features & Use Cases

  • SBOM Generation: Create SBOMs in standard formats (SPDX, CycloneDX) for container images and application builds.
  • Attestation & Signing: Generate provenance attestations for build artifacts and sign them using tools like Cosign.
  • Verification: Implement gates to verify artifact signatures and attestations before deployment.
  • Use Case: Ensure compliance with security standards like SLSA by generating SBOMs and signing all build artifacts, providing auditable evidence of your software's integrity.

Quick Start

Use the sbom-supply-chain skill to generate an SBOM for the container image ghcr.io/acme/api:1.2.3.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: sbom-supply-chain
Download link: https://github.com/BagelHole/DevOps-Security-Agent-Skills/archive/main.zip#sbom-supply-chain

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.