supply-chain-risk
CommunitySecure your software supply chain.
Software Engineering#dependency analysis#vulnerability management#devsecops#supply chain#sbom#build security
Authorjaskaranhundal
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill protects your organization from sophisticated supply chain attacks by rigorously evaluating software dependencies, build pipelines, and vendor components for malicious code and vulnerabilities.
Core Features & Use Cases
- Dependency Analysis: Detects risks like dependency confusion, typosquatting, and malicious maintainer takeovers in package ecosystems (npm, PyPI, etc.).
- Build Integrity Assessment: Evaluates your CI/CD pipelines against the SLSA framework to prevent build system compromises.
- SBOM Generation & Auditing: Provides detailed Software Bill of Materials analysis, including CVEs, CISA KEVs, and license risk.
- Use Case: When a new CVE is disclosed for a critical library your application uses, this Skill automatically assesses the risk, identifies if it's a CISA KEV, and recommends immediate actions like updating or blocking the package.
Quick Start
Analyze the supply chain risks for the 'event-stream' npm package at version '3.3.6'.
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferencesassets
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: supply-chain-risk Download link: https://github.com/jaskaranhundal/usap-skills/archive/main.zip#supply-chain-risk Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.