avav25/supply-chain-security
plugin/skills/supply-chain-security/SKILL.md
Use this skill when the agent is running a security audit, scanning dependencies, prioritizing CVEs by exploit likelihood, signing release artifacts, generating SBOMs for compliance, or reviewing CI/CD artifact integrity — software supply chain security knowledge covering SBOM generation (Syft, CycloneDX, SPDX), SLSA provenance levels 1 through 4, Sigstore Cosign artifact signing, EPSS exploit-prediction scores, CISA KEV known-exploited catalog, dependency-confusion / typosquatting / lockfile-validation patterns, and EO 14028 and EU Cyber Resilience Act SBOM mandates.
$ install --global
skillsauthnpx skillsauth add avav25/ai-assets supply-chain-securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 23, 2026, 4:34 AM21.9s1 file scanned
SKILL.md
- name:
- supply-chain-security
- description:
- Use this skill when the agent is running a security audit, scanning dependencies, prioritizing CVEs by exploit likelihood, signing release artifacts, generating SBOMs for compliance, or reviewing CI/CD artifact integrity — software supply chain security knowledge covering SBOM generation (Syft, CycloneDX, SPDX), SLSA provenance levels 1 through 4, Sigstore Cosign artifact signing, EPSS exploit-prediction scores, CISA KEV known-exploited catalog, dependency-confusion / typosquatting / lockfile-validation patterns, and EO 14028 and EU Cyber Resilience Act SBOM mandates.
- disable-model-invocation:
- true
Supply Chain Security
Modern security audits must cover the software supply chain end-to-end: what's in the build (SBOM), how it was built (SLSA provenance), whether the artifact is genuine (Cosign signatures), and which known vulnerabilities are actively exploited (EPSS + CISA KEV). This skill is the reference catalog for those tools and standards.
SBOM — Software Bill of Materials
A Software Bill of Materials enumerates every component (direct + transitive) in a build artifact. Required by US Executive Order 14028 (2021) for federal software and by the EU Cyber Resilience Act (2024+) for software shipped to EU markets.
Formats
| Format | Maintainer | Use case | |---|---|---| | CycloneDX | OWASP | Most common in security tooling; rich vulnerability metadata | | SPDX | Linux Foundation | License-focused; ISO/IEC 5962 standard | | SWID | NIST/ISO | Installed-software tagging; less common in CI |
Tooling
- Syft (Anchore) — generate SBOM from source, container, or filesystem:
https://github.com/anchore/syftsyft <repo> -o cyclonedx-json syft <image>:<tag> -o spdx-json - Grype (Anchore) — consume SBOM, match against vuln databases:
Natively consumes EPSS + KEV for prioritization. https://github.com/anchore/grypegrype sbom:./sbom.json - Trivy (Aqua) — SBOM + container + IaC scanning in one CLI: https://trivy.dev
- Dependency-Track (OWASP) — continuous SBOM monitoring + vulnerability triage server: https://dependencytrack.org
- GUAC (OpenSSF) — graph SBOMs + attestations + vulnerabilities; query supply-chain risk: https://docs.guac.sh
SLSA — Supply-chain Levels for Software Artifacts
SLSA (pronounced "salsa") defines build-integrity levels. Maintained by OpenSSF. Reference: https://slsa.dev
| Level | Provenance | Build platform requirements | Practical use | |---|---|---|---| | L1 | Provenance exists, may be unsigned | Documented build process | Minimum hygiene; trivially forgeable | | L2 | Signed provenance from hosted build service | Hosted build (GitHub Actions, GitLab CI) | Practical baseline for most projects | | L3 | Build is hardened against tampering | Isolated, ephemeral build envs; non-falsifiable provenance | Required for high-trust artifacts (OS distros, security tools) | | L4 | Two-party review, hermetic + reproducible builds | Hermetic, reproducible, two-person review on build config | Aspirational; rare in practice |
Reaching SLSA L2
GitHub Actions + SLSA GitHub Generator achieves L2 with minimal config. The generator emits an in-toto attestation signed via Sigstore.
Sigstore Cosign — artifact signing
Sigstore provides keyless signing of build artifacts using OIDC identity (no long-lived keys to rotate). https://www.sigstore.dev
# Sign a release blob
cosign sign-blob --bundle release.sig dist/app-1.0.0.tar.gz
# Sign a container image
cosign sign ghcr.io/org/app:1.0.0
# Verify at deploy time
cosign verify-attestation --type slsaprovenance ghcr.io/org/app:1.0.0
Pair with admission control (Kyverno, Gatekeeper) in Kubernetes to reject unsigned images at deploy.
EPSS — Exploit Prediction Scoring System
EPSS is a 0.0–1.0 probability that a CVE will be exploited in the next 30 days. Maintained by FIRST.org. Free API: https://api.first.org/data/v1/epss
- EPSS ≥ 0.5 = high near-term exploitation likelihood
- EPSS ≥ 0.1 = elevated; investigate
- Useful for prioritizing thousands of "medium" CVSS findings down to the few that actually matter
grype consumes EPSS natively (grype --by-cve --add-cpes-if-none).
CISA KEV — Known Exploited Vulnerabilities
The CISA Known Exploited Vulnerabilities catalog is a curated list of CVEs confirmed exploited in the wild. https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- KEV-listed CVEs are confirmed in-the-wild (not predicted)
- US federal agencies must patch within mandated deadlines
- Use as a "must fix before merge" gate in CI
EPSS and KEV are complementary: KEV is ground truth for past/active exploitation; EPSS is forward-looking probability.
Prioritization rule of thumb
A practical CVE triage policy:
| Signal | Action | |---|---| | CVE in CISA KEV | Must fix before merge | | EPSS ≥ 0.5 | Must fix before merge | | EPSS ≥ 0.1 and CVSS ≥ 7 | Fix this sprint | | EPSS < 0.1 and CVSS < 7 | Background queue | | No fix available | Document in REMEDIATION-PLAN with risk acceptance + escalation deadline |
Dependency-confusion, typosquatting, lockfile attacks
Dependency confusion
Attacker publishes a package with the same name as an internal private package to a public registry (npm, PyPI). The default resolution preferring the higher version number pulls the malicious public package into the build.
Mitigation:
- Scoped/namespaced internal packages (
@org/internal-lib) - Explicit registry config per scope in
.npmrc/pip.conf - Reserve internal package names on public registries
Typosquatting
Attacker publishes reqeusts, colourama, lodahs. Developer typos the install command; malicious package runs.
Mitigation:
- Lockfile-pinned installs (
npm ci,pip install -r requirements.txt --require-hashes) - Package allowlists in CI
- Pre-install hooks that verify package names against an allowlist
Lockfile validation
A lockfile (package-lock.json, poetry.lock, Cargo.lock, go.sum) pins exact versions and hashes. CI must:
- Reject PRs that modify the lockfile without modifying the manifest
- Enforce hash verification (
npm ci,pip install --require-hashes,cargo --frozen) - Audit lockfile changes for unexpected transitive additions
Regulatory landscape
- EO 14028 (US, 2021) — mandates SBOMs for software shipped to US federal government
- EU Cyber Resilience Act (2024+) — mandates SBOMs and vulnerability disclosure for software in EU markets
- NIST SSDF (SP 800-218) — Secure Software Development Framework, references SBOM + SLSA
- OpenSSF Scorecard — automated checks for repo security posture: https://securityscorecards.dev
When this applies
| Workflow | Apply this knowledge |
|---|---|
| /security-audit | Generate SBOM, run SCA, prioritize via EPSS+KEV, report supply-chain posture (signed artifacts? SLSA level?) |
| /code-review (security gate) | Flag lockfile changes that look suspicious; flag new dependencies not pinned to a hash |
| /security-scan | Primary surface — run Syft + Grype, gate on KEV + EPSS thresholds |
| /release / /deploy-production | Sign release artifacts with Cosign; emit SLSA provenance; verify signatures at deploy |
Integration
- Used by:
/security-audit,/security-scan,/code-review,/release,/deploy-production - Companion knowledge:
@owasp-coverage(A06 vulnerable components, A08 integrity failures, LLM03 model supply chain) - External references:
- SLSA: https://slsa.dev
- Sigstore: https://www.sigstore.dev
- CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- EPSS: https://www.first.org/epss/
- CycloneDX: https://cyclonedx.org
- SPDX: https://spdx.dev
- in-toto attestations: https://in-toto.io
- OpenSSF Scorecard: https://securityscorecards.dev
Related Skills
avav25/knowledge-sync
development
VerifiedTrustedCommunity
Use this skill when running the recurring (daily) knowledge-base rescan for a repo that already has knowledge/.knowledge-sync.yml — the main-thread dispatcher that reads the config, computes the git delta since last_scanned_sha, maps changed paths to affected doc areas, early-exits cheaply when nothing changed, then fans out one Agent(content-writer) per affected area, applies the propose/direct update policy, advances the baseline only on success, and writes an L4 run log — all with the G1 untrusted-content choke-point, secret-scan, deny-list, and budget controls woven in. For first-time setup use /knowledge-sync-init.
1SKILL.mdUpdated May 24, 2026
avav25/knowledge-sync-init
development
VerifiedTrustedCommunity
Use this skill when bootstrapping scheduled knowledge-base sync for a repo that has no knowledge/.knowledge-sync.yml yet — to run one-time setup that detects the knowledge_root from CLAUDE.md/AGENTS.md, maps doc areas to source globs, records opt-in external sources (Linear/Notion/WebFetch, all disabled by default), captures a baseline last_scanned_sha, sets the per-area update policy, generates or seeds knowledge/CONVENTIONS.md, provisions the L4 memory dir, and offers to register the daily routine. Routes ongoing recurring sync operations to /knowledge-sync.
1SKILL.mdUpdated May 24, 2026
avav25/ai-skills-init
tools
VerifiedTrustedCommunity
Use this skill when bootstrapping a target repository to be ai-skills-aware — on the first run of any ai-skills workflow in a fresh repo, when adopting the ai-skills plugin in an existing repo, or after upgrading to a plugin version that adds new memory paths or templates, including when the user does not say "init" but asks to "set up" or "onboard" the repo — to detect codebase type, create CLAUDE.md + AGENTS.md scaffolding, initialize the .ai-skills-memory/ directory tree from L1 templates, and configure .gitignore. Idempotent — safe to re-run. Accepts `--codebase-type <type>` and `--overwrite`. Not for re-initializing only memory — use `/memory-init` instead.
1SKILL.mdUpdated May 18, 2026
avav25/plugin-author
tools
VerifiedTrustedCommunity
Use this skill when extending, repairing, or improving plugin assets, when ingesting a `/feedback` report as a fix-cycle backlog, or when you do not remember which lower-level command is right for the job — the umbrella workflow for ai-skills plugin-asset authoring and maintenance: creating, auditing, fixing, improving, refactoring, and migrating skills, agents, rules, hooks, prompts, schemas, and rubrics inside the plugin. Auto-classifies the request, loads the right knowledge skills (`@prompt-engineering`, `@context-engineering`, `@team-protocols`), and spawns the right subagents (`prompt-engineer`, `system-architect`, `python-engineer`, `software-engineer`, `qa-engineer`, `eval-judge`) via the `Agent` tool.
1SKILL.mdUpdated May 14, 2026