supply-chain-forensics
Community
Secure your software supply chain.
Author: jmagly
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill addresses the critical need to detect and prevent compromises within the software supply chain, ensuring the integrity of packages, build processes, and CI/CD pipelines.
Core Features & Use Cases
- SBOM Analysis: Generates and validates Software Bill of Materials (SBOM) to identify components, licenses, and vulnerabilities.
- Dependency Verification: Checks package integrity against registry hashes to detect tampering and typosquatting.
- Build Pipeline Forensics: Scans CI/CD scripts and workflows for malicious patterns, unpinned actions, and unauthorized changes.
- Reproducibility Checks: Assesses the reproducibility of build artifacts and maps findings to SLSA levels.
- Use Case: A security team can use this skill to perform a comprehensive audit of a critical open-source project's supply chain, identifying potential vulnerabilities or signs of compromise before integrating it into their own systems.
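The two checks above that are easiest to show concretely are dependency verification (comparing a downloaded package against a recorded integrity hash) and build pipeline forensics (flagging workflow steps that reference a mutable tag or branch instead of a commit SHA). The following is an added illustration, not code shipped with this skill or the aiwg repository; the workflow text and package bytes are constructed sample inputs, and the function names are my own.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample GitHub Actions workflow (not from any real project).
# Two steps use mutable refs (a tag and a branch); one is pinned to a SHA;
# one is a local composite action, which is out of scope for this check.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@8f152de45cc7ee8d6b6fc1bba0fda8f2ec5c7d26
      - uses: some-org/some-action@main
      - run: npm ci
      - uses: ./.github/actions/local-step
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_actions(workflow_text):
    """Return (line_number, ref, reason) for every `uses:` step whose ref is not
    a full 40-hex commit SHA. Tags and branches can be moved by the upstream
    owner, so a pinned SHA is the only immutable reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions and docker images are governed by a different policy.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            findings.append((lineno, ref, "no ref at all"))
            continue
        _action, _, version = ref.rpartition("@")
        if not FULL_SHA_RE.match(version):
            findings.append((lineno, ref, "mutable ref (tag or branch)"))
    return findings


def make_integrity(data, algo="sha512"):
    """Produce a Subresource-Integrity style string (`sha512-<base64>`), the
    format npm lockfiles record for each resolved package tarball."""
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def verify_integrity(data, integrity):
    """Check downloaded bytes against a recorded integrity string. Uses a
    constant-time comparison and rejects algorithms weaker than sha256."""
    algo, _, b64 = integrity.partition("-")
    if algo not in ("sha256", "sha384", "sha512"):
        raise ValueError(f"unsupported or weak integrity algorithm: {algo!r}")
    expected = base64.b64decode(b64)
    actual = hashlib.new(algo, data).digest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    for lineno, ref, reason in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref}: {reason}")
    # Constructed package bytes standing in for a downloaded tarball.
    recorded = make_integrity(b"constructed package contents\n")
    print("tampered copy verifies:",
          verify_integrity(b"constructed package contents (modified)\n", recorded))
```

On the sample workflow the scan reports the `actions/checkout@v4` and `some-org/some-action@main` steps and stays silent on the SHA-pinned step, which is the signal a pipeline audit wants: a finding per mutable reference rather than per action. For real lockfiles the integrity string comes from `package-lock.json`, and the bytes to hash are the tarball exactly as fetched from the registry.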
Quick Start
Run a full supply chain audit on the current project.
Dependency Matrix
Required Modules
None required
Components
scripts, references, assets
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: supply-chain-forensics Download link: https://github.com/jmagly/aiwg/archive/main.zip#supply-chain-forensics Please download this .zip file, extract it, and install it in the .claude/skills/ directory.