Search Results: supply-chain-security

Found 35 Skills

Security & Compliancesickn33/antigravity-aweso...

security-scanning-security-dependencies

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.

🇺🇸|EnglishTranslated

Security & Compliancevasilyu1983/ai-agents-pub...

software-security-appsec

Modern application security patterns aligned with OWASP Top 10:2025 (final), OWASP API Security Top 10 (2023), NIST SSDF, zero trust (incl. NSA ZIGs 2026), supply chain security (SBOM), passkeys/WebAuthn, authentication, authorization, input validation, cryptography, plus security ROI, breach cost modeling, and compliance-driven enterprise sales.

🇺🇸|EnglishTranslated

Security & Compliancewilliamzujkowski/standard...

security-practices

Modern security standards including Zero Trust Architecture, supply chain security, DevSecOps integration, and cloud-native protection

🇺🇸|EnglishTranslated

Security & Compliancevchirrav/owasp-secure-cod...

dependency-confusion-detect

Run Confused and GuardDog to detect dependency confusion and typosquatting risks. Checks if internal package names exist on public registries and identifies malicious packages.

🇺🇸|EnglishTranslated

Security & Complianceyaklang/hack-skills

dependency-confusion

Supply-chain testing via package-manager dependency confusion: when internal package names resolve to attacker-controlled public registries, leading to malicious install and script execution. Use for npm/pip/gem/Maven/Composer/Docker manifest review and authorized red-team supply-chain exercises.

🇺🇸|EnglishTranslated

Frontend Developmentcognitedata/dune-skills

dependencies-audit

MUST be used whenever fixing dependency issues in a Dune app. This skill finds AND fixes vulnerabilities, outdated packages, deprecated dependencies, and license issues — it does not just report them. Triggers: dependencies, packages, fix dependencies, update packages, fix vulnerabilities, npm audit fix, pnpm audit fix, CVE fix, outdated, deprecated, supply chain, license.

🇺🇸|EnglishTranslated

Security & Compliance404kidwiz/claude-supercod...

dependency-manager

Expert at package management and supply chain security. Use when managing dependencies, updating packages, resolving version conflicts, ensuring supply chain security, or auditing vulnerabilities in project dependencies.

🇺🇸|EnglishTranslated

Security & Compliancethisrohangupta/harness-sk...

create-policy

Create OPA governance policies for Harness via MCP. Define policies that enforce compliance rules on pipelines, services, environments, feature flags, artifacts, code repositories, templates, SBOM, security tests, Terraform, GitOps, connectors, secrets, and more. Use when asked to create, write, fix, or explain an OPA policy, Rego rule, deny rule, governance policy, compliance rule, or policy-as-code for any Harness entity. Trigger phrases: create policy, OPA policy, governance policy, compliance rule, rego policy, deny rule, enforce policy, security policy, supply chain governance.

🇺🇸|EnglishTranslated

Security & Compliancegaliais/ctf-sandbox-orche...

competition-supply-chain

Internal downstream skill for ctf-sandbox-orchestrator. CTF-sandbox workflow for CI/CD, registry, dependency drift, artifact provenance, image build, release pipeline, and runtime consumer challenges. Use when the user asks to trace dependency drift, registry pulls, malicious packages, build or release tampering, CI execution, artifact signing, or which shipped artifact the runtime actually consumes. Use only after `$ctf-sandbox-orchestrator` has already established sandbox assumptions and routed here.

🇺🇸|EnglishTranslated

DevOps & Cloud Servicesiuliandita/skills

ci-cd

· Write, review, or architect CI/CD pipelines -- GitHub Actions, GitLab CI, Forgejo. Covers pipeline security, SHA pinning, SBOM, and runner configuration. Triggers: 'ci/cd', 'pipeline', 'github actions', 'gitlab ci', 'forgejo', '.github/workflows', 'runner', 'sha pinning'.

🇺🇸|EnglishTranslated

Security & Compliancegithub/awesome-copilot

agent-supply-chain

Verify supply chain integrity for AI agent plugins, tools, and dependencies. Use this skill when: - Generating SHA-256 integrity manifests for agent plugins or tool packages - Verifying that installed plugins match their published manifests - Detecting tampered, modified, or untracked files in agent tool directories - Auditing dependency pinning and version policies for agent components - Building provenance chains for agent plugin promotion (dev → staging → production) - Any request like "verify plugin integrity", "generate manifest", "check supply chain", or "sign this plugin"

🇺🇸|EnglishTranslated

Security & Compliancetartinerlabs/skills

deps

Use when hardening npm supply chain, pinning dependency versions, adding .npmrc security flags, or setting up Renovate and audit workflows. Locks down install-time scripts, registries, version ranges, and CI checks.

🇺🇸|EnglishTranslated