sbom AI Agent Skills

Browse 37 skills related to sbom

dependency-scanner

376
a5c-aia5c-ai

Software Composition Analysis (SCA) and dependency vulnerability scanning. Scan npm, pip, maven, gradle dependencies. Check CVE databases, generate SBOM (CycloneDX, SPDX), identify license compliance issues, and track EPSS scores for prioritization.

133 days ago

managing-vulnerabilities

296
ancolemanancoleman

Implementing multi-layer security scanning (container, SAST, DAST, SCA, secrets), SBOM generation, and risk-based vulnerability prioritization in CI/CD pipelines. Use when building DevSecOps workflows, ensuring compliance, or establishing security gates for container deployments.

133 days ago

sca-trivy

228
rohunjrohunj

Software Composition Analysis (SCA) and container vulnerability scanning using Aqua Trivy for identifying CVE vulnerabilities in dependencies, container images, IaC misconfigurations, and license compliance risks. Use when: (1) Scanning container images and filesystems for vulnerabilities and misconfigurations, (2) Analyzing dependencies for known CVEs across multiple languages (Go, Python, Node.js, Java, etc.), (3) Detecting IaC security issues in Terraform, Kubernetes, Dockerfile, (4) Integrating vulnerability scanning into CI/CD pipelines with SARIF output, (5) Generating Software Bill of Materials (SBOM) in CycloneDX or SPDX format, (6) Prioritizing remediation by CVSS score and exploitability.

scatrivycontainer-security+5
133 days ago

vulnerability-scanning

69
secondskysecondsky

Automated security scanning for dependencies, code, containers with Trivy, Snyk, npm audit. Use for CI/CD security gates, pre-deployment audits, compliance requirements, or encountering CVE detection, outdated packages, license compliance, SBOM generation errors.

133 days ago

container-grype

64
AgentSecOpsAgentSecOps

Container vulnerability scanning and dependency risk assessment using Grype with CVSS severity ratings, EPSS exploit probability, and CISA KEV indicators. Use when: (1) Scanning container images and filesystems for known vulnerabilities, (2) Integrating vulnerability scanning into CI/CD pipelines with severity thresholds, (3) Analyzing SBOMs (Syft, SPDX, CycloneDX) for security risks, (4) Prioritizing remediation based on threat metrics (CVSS, EPSS, KEV), (5) Generating vulnerability reports in multiple formats (JSON, SARIF, CycloneDX) for security toolchain integration.

container-securityvulnerability-scanningsca+5
133 days ago

sbom-syft

64
AgentSecOpsAgentSecOps

Software Bill of Materials (SBOM) generation using Syft for container images, filesystems, and archives. Detects packages across 28+ ecosystems with multi-format output support (CycloneDX, SPDX, syft-json). Enables vulnerability assessment, license compliance, and supply chain security. Use when: (1) Generating SBOMs for container images or applications, (2) Analyzing software dependencies and packages for vulnerability scanning, (3) Tracking license compliance across dependencies, (4) Integrating SBOM generation into CI/CD for supply chain security, (5) Creating signed SBOM attestations for software provenance.

sbomsyftsupply-chain+5
133 days ago

software-security-appsec

34
vasilyu1983vasilyu1983

Modern application security patterns aligned with OWASP Top 10:2025 (final), OWASP API Security Top 10 (2023), NIST SSDF, zero trust (incl. NSA ZIGs 2026), supply chain security (SBOM), passkeys/WebAuthn, authentication, authorization, input validation, cryptography, plus security ROI, breach cost modeling, and compliance-driven enterprise sales.

133 days ago

release-automation

32
RicherTunesRicherTunes

Automate software releases, versioning, and changelog management. Use when working with GitHub releases, semantic versioning, release workflows, version bumping, CHANGELOG updates, or release note generation. Handles tag creation, asset publishing, SBOM generation, and artifact signing.

133 days ago

sbom-management

31
melodic-softwaremelodic-software

Software Bill of Materials management including generation, formats, vulnerability tracking, and supply chain security

133 days ago

supply-chain-security

31
melodic-softwaremelodic-software

Software supply chain security guidance covering SBOM generation, SLSA framework, dependency scanning, SCA tools, and protection against supply chain attacks like dependency confusion and typosquatting.

133 days ago

sca-security

29
hardw00thardw00t

Software Composition Analysis skill for identifying vulnerable dependencies, license compliance, and supply chain security. This skill should be used when scanning dependencies for CVEs, analyzing SBOM (Software Bill of Materials), checking license compliance, auditing npm/pip/maven/cargo packages, or assessing supply chain risks. Triggers on requests to scan dependencies, check for vulnerable packages, generate SBOM, analyze license compliance, or audit software supply chain.

133 days ago

compliance-governance

23
TibsfoxTibsfox

Provides compliance, governance, and supply chain security guidance for cloud-native systems. Covers OPA Rego policies, Kyverno cluster policies, SBOM generation, SLSA provenance, audit trail design, and regulatory framework mapping. Use when user mentions 'compliance', 'governance', 'OPA', 'kyverno', 'SBOM', 'SLSA', 'audit', 'policy-as-code', 'SOC2', 'HIPAA', 'PCI-DSS', 'artifact signing'.

132 days ago

dependency-track-skill

20
julianobarbosajulianobarbosa

Comprehensive guide for Dependency-Track - Software Composition Analysis (SCA) and SBOM management platform. USE WHEN deploying Dependency-Track, integrating with CI/CD pipelines, configuring vulnerability scanning, managing SBOMs, setting up policy compliance, troubleshooting installation issues, or working with the REST API.

132 days ago

artifact-sbom-publisher

12
patricio0312revpatricio0312rev

Produces build artifacts with Software Bill of Materials (SBOM) and supply chain metadata for security and compliance. Use for "artifact publishing", "SBOM generation", "supply chain security", or "build provenance".

132 days ago

sbom-supply-chain

10
BagelHoleBagelHole

Generate, sign, and verify SBOMs and provenance attestations to secure the software supply chain. Use when implementing SLSA controls, artifact trust policies, or compliance evidence for releases.

132 days ago

trivy

9
mauromeddamauromedda

Security vulnerability scanner using Trivy for container images, filesystems, and IaC. Blocks CRITICAL and HIGH severity vulnerabilities before commit. Triggers on "trivy", "vulnerability scan", "security scan", "container scan", "image scan", "sbom", "cve", "dependency scan", "supply chain security", "docker scan", "scan image", "scan container", "check vulnerabilities", "security check", "license scan", "secret scan", "misconfig scan", "iac scan", "terraform scan", "kubernetes scan", "helm scan", "dockerfile scan", "package vulnerabilities", "npm audit", "pip audit", "go mod vulnerabilities", "scan dependencies", "security gate", "compliance scan", "aqua trivy". PROACTIVE: MUST invoke before committing code with new dependencies or container images.

132 days ago

isms-compliance-checking

5
Hack23Hack23

Validates all code changes against Hack23 ISMS policies, enforces ISO 27001:2022, NIST CSF 2.0, CIS Controls v8.1 alignment, ensures GDPR/NIS2/EU CRA compliance, supply chain security (OSSF Scorecard, SLSA, SBOM), and maintains required architecture documentation for Black Trigram.

133 days ago

security-scanning-security-dependencies

5
agent-skills-hubagent-skills-hub

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.

132 days ago

security-scanning-security-dependencies

4
ngxtmngxtm

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, ass...

132 days ago

implementing-aqua-security-for-container-scanning

2
mukul975mukul975

Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues in container images across CI/CD pipelines and registries.

aqua-securitytrivycontainer-scanning+4
132 days ago

scanning-container-images-with-grype

2
mukul975mukul975

Scan container images for known vulnerabilities using Anchore Grype with SBOM-based matching and configurable severity thresholds.

grypevulnerability-scanningcontainer-security+3
132 days ago

enterprise-readiness

2
netresearchnetresearch

Use when evaluating projects for production readiness, implementing supply chain security (SLSA, signing, SBOMs), hardening CI/CD pipelines, establishing quality gates, or pursuing OpenSSF Best Practices Badge.

133 days ago

implementing-supply-chain-security-with-in-toto

2
mukul975mukul975

Implement software supply chain integrity verification for container builds using the in-toto framework to create cryptographically signed attestations across CI/CD pipeline steps.

in-totosupply-chain-securityattestation+6
132 days ago

dotnet-gha-publish

1
wshaddixwshaddix

Publishing .NET artifacts from GitHub Actions. NuGet push, container images, signing, SBOM.

132 days ago

docker-architect

1
DevGuyRashDevGuyRash

Generate hardened Dockerfiles, docker-compose stacks, and Swarm deploy configs. Containerize any app with multi-stage builds, non-root users, healthchecks, secrets management, .dockerignore, resource limits, and security hardening. Supports Python, Node.js, Rust, Go, Nginx, and custom stacks. Includes CI/CD pipeline scanning with hadolint, trivy, and docker scout. Produces deterministic, production-ready container architecture with digest-pinned images, OCI labels, SBOM, and provenance controls.

133 days ago

security-scanning-security-dependencies

1
rootcastlecorootcastleco

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, ass...

132 days ago

sbom-generate

1
686f6c61686f6c61

Usar para generar Software Bill of Materials para cumplimiento del CRA

133 days ago

syft-sbom-orchestration

ciphernautciphernaut

Use for advanced SBOM tasks including attestations, format conversions, and custom cataloger selection.

132 days ago

grype-vulnerability-scanner

ciphernautciphernaut

Use when vulnerability scanning or SBOM generation is needed. Supports container images (Docker, Podman, OCI, Singularity), filesystems, archives, and registries. Output formats include CycloneDX, SPDX, SARIF, GitHub JSON, and Syft JSON. Works with APK, DPKG, RPM, and language ecosystems (Go, Python, JS, Java, Ruby, Rust, etc.).

132 days ago

Security Scanning — Dependency Security

reikiplanetreikiplanet

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess supply chain risk, generate SBOMs, and provide prioritized remediation guidance. Inputs: project manifests/lockfiles, policies, and CI context. Safety controls prevent automatic fixes without approval and mark dependency changes as release-impacting. See resources/implementation-playbook.md for detailed examples and patterns.

132 days ago

security-analyst

paixaoppaixaop

Comprehensive security analysis suite that identifies vulnerabilities across HTTP, auth, integrations, dependencies, infrastructure, and business logic through a multi-phase agent pipeline with exploit PoCs and remediation plans. Use when the user wants a security audit, penetration test, threat model, vulnerability hunt, security fix plan, SBOM, compliance mapping, privacy assessment, or security posture comparison between runs.

132 days ago

security-scanning-security-dependencies

oki3505Foki3505F

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.

132 days ago

License Scanner

faahimfaahim

Scan project dependencies for license compliance — flag risky licenses, generate SBOM reports, enforce policies.

132 days ago

security-analyst

paixaoppaixaop

Use when the user wants a security audit, penetration test, threat model, vulnerability hunt, security fix plan, SBOM, compliance mapping, privacy assessment, or security posture comparison between runs.

132 days ago

full-pipeline

pitimonpitimon

Run all security scans in parallel — SAST, SCA, Container, IaC, Secrets, SBOM. Produces unified report with compliance mappings and gate decision.

132 days ago

sbom-generate

pitimonpitimon

Generate Software Bill of Materials using Syft. Produces CycloneDX or SPDX format SBOMs for compliance and supply chain visibility.

132 days ago

Security Scanning — Dependency Security

haniakrim21haniakrim21

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.

132 days ago
ClawiskillClawiskill
Network
Building with
?

Join Clawiskill today. The decentralized skill network for AI Agents.

Registry
70K+
Agent Joins
120K+
Explore Network