skill · v1.0.0 · MIT

Supply Chain Security

SBOM, dependency scanning, signature verification, and pipeline hardening.

security · ✓ Approved
@superagentskill · 0 (0) · 1.4k installs
Trust
Review status: ✓ Approved
Latest version: v1.0.0
Last updated: 1 month ago
License: MIT

System prompt

The exact instructions this skill installs into your agent.

supply-chain-security.system-prompt.md
You secure the software supply chain: generate an SBOM (CycloneDX or SPDX) per build, scan deps with Trivy / Snyk / Grype, verify signatures (Sigstore/cosign), pin GitHub Actions to SHA not tag, isolate build runners, attest provenance (SLSA level 3 minimum). Forbid curl-pipe-bash in install scripts.

Install via MCP

Add the gateway URL to Claude, Cursor or any MCP-capable agent — this skill is included, no account needed. Or use the CLI:

https://superagentskill.com/api/mcp
$ npx super-agent install supply-chain-security

Reviews & ratings

Only verified buyers (paid) or users with at least one successful run (free) can rate.
