supply-chain-audit
Auditing software supply chain security across CI/CD pipelines, container images, and language ecosystems. Detects mutable dependency references, insecure CI patterns, credential exposure risks, and missing SBOM/SLSA controls. Use when performing a supply chain audit, checking action pinning, auditing dependencies, scanning for CI security issues, reviewing container security, or assessing dependency security. Covers GitHub Actions, containers, Python, Node, Go, Rust, .NET, and more.
Installation and usage
Auditing software supply chain security across CI/CD pipelines, container images, and language ecosystems. Detects mutable dependency references, insecure CI patterns, credential exposure risks, and missing SBOM/SLSA controls. Use when performing a supply chain audit, checking action pinning, auditing dependencies, scanning for CI security issues, reviewing container security, or assessing dependency security. Covers GitHub Actions, containers, Python, Node, Go, Rust, .NET, and more.
インストール後、ターミナルで以下のコマンドを実行してこのスキルを使用できます:
skills use supply-chain-audit