supply chain security AI Agent Skills
Browse 53 skills related to supply chain security
vulnerability-scanner
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
codebase-cleanup-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.
dependency-management-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.
building-ci-pipelines
Constructs secure, efficient CI/CD pipelines with supply chain security (SLSA), monorepo optimization, caching strategies, and parallelization patterns for GitHub Actions, GitLab CI, and Argo Workflows. Use when setting up automated testing, building, or deployment workflows.
sbom-syft
Software Bill of Materials (SBOM) generation using Syft for container images, filesystems, and archives. Detects packages across 28+ ecosystems with multi-format output support (CycloneDX, SPDX, syft-json). Enables vulnerability assessment, license compliance, and supply chain security. Use when: (1) Generating SBOMs for container images or applications, (2) Analyzing software dependencies and packages for vulnerability scanning, (3) Tracking license compliance across dependencies, (4) Integrating SBOM generation into CI/CD for supply chain security, (5) Creating signed SBOM attestations for software provenance.
sca-blackduck
Software Composition Analysis (SCA) using Synopsys Black Duck for identifying open source vulnerabilities, license compliance risks, and supply chain security threats with CVE, CWE, and OWASP framework mapping. Use when: (1) Scanning dependencies for known vulnerabilities and security risks, (2) Analyzing open source license compliance and legal risks, (3) Identifying outdated or unmaintained dependencies, (4) Integrating SCA into CI/CD pipelines for continuous dependency monitoring, (5) Providing remediation guidance for vulnerable dependencies with CVE and CWE mappings, (6) Assessing supply chain security risks and third-party component threats.
dependency-manager
Expert at package management and supply chain security. Use when managing dependencies, updating packages, resolving version conflicts, ensuring supply chain security, or auditing vulnerabilities in project dependencies.
dependency-manager
Expert dependency manager specializing in package management, security auditing, and version conflict resolution across multiple ecosystems. Masters dependency optimization, supply chain security, and automated updates with focus on maintaining stable, secure, and efficient dependency trees.
software-security-appsec
Modern application security patterns aligned with OWASP Top 10:2025 (final), OWASP API Security Top 10 (2023), NIST SSDF, zero trust (incl. NSA ZIGs 2026), supply chain security (SBOM), passkeys/WebAuthn, authentication, authorization, input validation, cryptography, plus security ROI, breach cost modeling, and compliance-driven enterprise sales.
sbom-management
Software Bill of Materials management including generation, formats, vulnerability tracking, and supply chain security
supply-chain-security
Software supply chain security guidance covering SBOM generation, SLSA framework, dependency scanning, SCA tools, and protection against supply chain attacks like dependency confusion and typosquatting.
sca-security
Software Composition Analysis skill for identifying vulnerable dependencies, license compliance, and supply chain security. This skill should be used when scanning dependencies for CVEs, analyzing SBOM (Software Bill of Materials), checking license compliance, auditing npm/pip/maven/cargo packages, or assessing supply chain risks. Triggers on requests to scan dependencies, check for vulnerable packages, generate SBOM, analyze license compliance, or audit software supply chain.
vulnerability-scanner
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
cicd-expert
Elite CI/CD pipeline engineer specializing in GitHub Actions, GitLab CI, Jenkins automation, secure deployment strategies, and supply chain security. Expert in building efficient, secure pipelines with proper testing gates, artifact management, and ArgoCD/GitOps patterns. Use when designing pipelines, implementing security gates, or troubleshooting CI/CD issues.
dependency-audit
Provides dependency management and supply chain security practices for auditing vulnerabilities, checking licenses, assessing dependency health, and managing upgrades safely. Use when auditing packages, reviewing security, managing dependencies, or when user mentions 'audit', 'vulnerability', 'dependency', 'supply chain', 'npm audit', 'license', 'bundle size'.
compliance-governance
Provides compliance, governance, and supply chain security guidance for cloud-native systems. Covers OPA Rego policies, Kyverno cluster policies, SBOM generation, SLSA provenance, audit trail design, and regulatory framework mapping. Use when user mentions 'compliance', 'governance', 'OPA', 'kyverno', 'SBOM', 'SLSA', 'audit', 'policy-as-code', 'SOC2', 'HIPAA', 'PCI-DSS', 'artifact signing'.
security-architect
Security architecture and threat modeling. OWASP Top 10 2025 analysis, OWASP Agentic AI Top 10 (ASI01-ASI10), AI/LLM security patterns, supply chain security, modern API authentication (OAuth 2.1, DPoP, Passkeys/WebAuthn), vulnerability assessment, and security review for code and infrastructure.
security-practices
Modern security standards including Zero Trust Architecture, supply chain security, DevSecOps integration, and cloud-native protection
managing-dependencies
Evaluates packages, manages dependencies, and addresses supply chain security. Use when adding npm/pip/cargo/bundler/go dependencies, auditing packages, reviewing lockfile changes, checking for vulnerabilities, comparing package alternatives, or assessing package trustworthiness.
artifact-sbom-publisher
Produces build artifacts with Software Bill of Materials (SBOM) and supply chain metadata for security and compliance. Use for "artifact publishing", "SBOM generation", "supply chain security", or "build provenance".
trivy
Security vulnerability scanner using Trivy for container images, filesystems, and IaC. Blocks CRITICAL and HIGH severity vulnerabilities before commit. Triggers on "trivy", "vulnerability scan", "security scan", "container scan", "image scan", "sbom", "cve", "dependency scan", "supply chain security", "docker scan", "scan image", "scan container", "check vulnerabilities", "security check", "license scan", "secret scan", "misconfig scan", "iac scan", "terraform scan", "kubernetes scan", "helm scan", "dockerfile scan", "package vulnerabilities", "npm audit", "pip audit", "go mod vulnerabilities", "scan dependencies", "security gate", "compliance scan", "aqua trivy". PROACTIVE: MUST invoke before committing code with new dependencies or container images.
isms-compliance-checking
Validates all code changes against Hack23 ISMS policies, enforces ISO 27001:2022, NIST CSF 2.0, CIS Controls v8.1 alignment, ensures GDPR/NIS2/EU CRA compliance, supply chain security (OSSF Scorecard, SLSA, SBOM), and maintains required architecture documentation for Black Trigram.
vulnerability-scanner
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
dependency-management-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.
codebase-cleanup-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.
security-scanning-security-dependencies
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.
vulnerability-scanner
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
codebase-cleanup-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues,...
security-scanning-security-dependencies
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, ass...
dependency-management-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues,...
enterprise-readiness
Use when evaluating projects for production readiness, implementing supply chain security (SLSA, signing, SBOMs), hardening CI/CD pipelines, establishing quality gates, or pursuing OpenSSF Best Practices Badge.
vulnerability-scanner
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
agent-security
Security practices for AI agent packaging, distribution, and runtime. Use when the user mentions: agent security, API key management, secrets management, model integrity, MCP security, MCP permissions, supply chain security, code signing agents, agent threats, prompt injection config, secure agent install, agent audit, security checklist, signing binaries, notarization, keychain, credential management
codebase-cleanup-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues,...
security-scanning-security-dependencies
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, ass...
dependency-management-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues,...
Dependency Management — Deps Audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.
vulnerability-scanner
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
codebase-cleanup-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, maintenance status, and supply-chain risks, and produce prioritized findings and actionable remediation recommendations.
Security Scanning — Dependency Security
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess supply chain risk, generate SBOMs, and provide prioritized remediation guidance. Inputs: project manifests/lockfiles, policies, and CI context. Safety controls prevent automatic fixes without approval and mark dependency changes as release-impacting. See resources/implementation-playbook.md for detailed examples and patterns.
security-scanning-security-dependencies
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.
vulnerability-scanner
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
vulnerability-scanner
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
Vulnerability Scanner
Advanced vulnerability analysis principles: OWASP 2025, supply chain security, attack surface mapping, and risk prioritization.
vulnerability-scanner
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
container-workflows
Use when building container images, writing Dockerfiles, pushing to registries, or optimizing image size and security. Guides rootless builds, multi-stage patterns, and supply chain security.
Security Scanning — Dependency Security
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.
codebase-cleanup-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.