Skills
.Work. You
Rest

security-supply-chain

Community

Secure your Python package supply chain.

Software Engineering#security#python#pypi#supply chain#vulnerability scanning#oidc#sigstore
Authoroborchers
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill addresses the critical and growing threat of supply chain attacks on open-source software by providing a comprehensive framework for securing Python packages.

Core Features & Use Cases

  • Trusted Publishing: Replaces long-lived API tokens with secure OIDC tokens for PyPI publishing.
  • Vulnerability Scanning: Integrates pip-audit to continuously scan dependencies for known vulnerabilities.
  • Supply Chain Hardening: Implements best practices like Sigstore attestations, SLSA compliance, and CI permission hardening.
  • Use Case: Ensure your critical Python library is protected against malicious takeovers and vulnerable dependencies by implementing all recommended security measures.

Quick Start

Implement trusted publishing for your Python package on PyPI.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: security-supply-chain
Download link: https://github.com/oborchers/fractional-cto/archive/main.zip#security-supply-chain

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.