Search Results: supply-chain-security

Found 22 Skills

Security & Compliance404kidwiz/claude-supercod...

dependency-manager

Expert at package management and supply chain security. Use when managing dependencies, updating packages, resolving version conflicts, ensuring supply chain security, or auditing vulnerabilities in project dependencies.

🇺🇸|EnglishTranslated

Security & Compliancethisrohangupta/harness-sk...

create-policy

Create OPA governance policies for Harness via MCP. Define policies that enforce compliance rules on pipelines, services, environments, feature flags, artifacts, code repositories, templates, SBOM, security tests, Terraform, GitOps, connectors, secrets, and more. Use when asked to create, write, fix, or explain an OPA policy, Rego rule, deny rule, governance policy, compliance rule, or policy-as-code for any Harness entity. Trigger phrases: create policy, OPA policy, governance policy, compliance rule, rego policy, deny rule, enforce policy, security policy, supply chain governance.

🇺🇸|EnglishTranslated

DevOps & Cloud Servicesiuliandita/skills

ci-cd

· Write, review, or architect CI/CD pipelines -- GitHub Actions, GitLab CI, Forgejo. Covers pipeline security, SHA pinning, SBOM, and runner configuration. Triggers: 'ci/cd', 'pipeline', 'github actions', 'gitlab ci', 'forgejo', '.github/workflows', 'runner', 'sha pinning'.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

dependency-confusion

Supply-chain testing via package-manager dependency confusion: when internal package names resolve to attacker-controlled public registries, leading to malicious install and script execution. Use for npm/pip/gem/Maven/Composer/Docker manifest review and authorized red-team supply-chain exercises.

🇺🇸|EnglishTranslated

Security & Compliancemukul975/anthropic-cybers...

analyzing-sbom-for-supply-chain-vulnerabilities

Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON formats to identify supply chain vulnerabilities by correlating components against the NVD CVE database via the NVD 2.0 API. Builds dependency graphs, calculates risk scores, identifies transitive vulnerability paths, and generates compliance reports. Activates for requests involving SBOM analysis, software composition analysis, supply chain security assessment, dependency vulnerability scanning, CycloneDX/SPDX parsing, or CVE correlation.

🇺🇸|EnglishTranslated

1 scripts/Checked

Frontend Developmentcognitedata/dune-skills

dependencies-audit

MUST be used whenever fixing dependency issues in a Dune app. This skill finds AND fixes vulnerabilities, outdated packages, deprecated dependencies, and license issues — it does not just report them. Triggers: dependencies, packages, fix dependencies, update packages, fix vulnerabilities, npm audit fix, pnpm audit fix, CVE fix, outdated, deprecated, supply chain, license.

🇺🇸|EnglishTranslated

Security & Compliancesickn33/antigravity-aweso...

dependency-management-deps-audit

You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.

🇺🇸|EnglishTranslated

Security & Compliancemathews-tom/praxis-skills

dependency-audit

Audits project dependencies for license compliance, maintenance health, security vulnerabilities, and bloat. Analyzes both direct and transitive dependency trees, detects abandoned packages, identifies license conflicts (copyleft, unknown), checks for known CVEs, and finds unused or duplicate dependencies. Triggers on: "audit dependencies", "dependency check", "license check", "dependency health", "abandoned packages", "bloat check", "unused dependencies", "security audit dependencies", "dependency review", "license compliance", "package audit", "supply chain", "dependency risk". Use this skill when reviewing project dependencies for risk.

🇺🇸|EnglishTranslated

Security & Compliancemohitmishra786/low-level-...

rust-security

Rust security skill for supply chain safety and memory-safe development. Use when auditing dependencies with cargo-audit, enforcing policies with cargo-deny, reviewing RUSTSEC advisories, writing memory-safe FFI patterns, or integrating fuzzing and Miri into a security review pipeline. Activates on queries about cargo-audit, cargo-deny, RUSTSEC advisories, supply chain security, Rust CVEs, safe FFI, or fuzzing for security.

🇺🇸|EnglishTranslated

Code Qualityerichowens/some_claude_sk...

dependency-management

Managing third-party dependencies — version pinning, security auditing, license compliance, update workflows, lockfile management, supply chain security. Activate on "npm audit", "dependabot", "renovate", "pin versions", "dependency update", "supply chain", "license compliance", "lockfile", "security advisory", "typosquatting", "SBOM". NOT for internal monorepo package management (use monorepo-management) or publishing your own packages to npm/PyPI.

🇺🇸|EnglishTranslated