Loading...
Loading...
Found 6 Skills
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.
Scan project dependencies for CVEs, outdated packages, and license compliance across npm, pip, cargo, go, maven, and other ecosystems. Use for vulnerability scanning, SBOM generation, supply chain analysis, and automated dependency updates.
Manage Harness Software Supply Chain Assurance (SSCA) via MCP. Configure automated SBOM generation with CycloneDX or SPDX formats, set up artifact signing and attestation with Cosign, define supply chain security policies using OPA, and track SLSA provenance levels. Use when asked to generate SBOMs, sign artifacts, enforce supply chain policies, track software provenance, or manage SLSA compliance. Do NOT use for OPA pipeline governance policies (use create-policy instead) or vulnerability scanning (use security-report instead). Trigger phrases: SBOM, software bill of materials, supply chain security, SLSA, artifact signing, cosign, provenance, attestation, CycloneDX, SPDX, supply chain policy.
Use when preparing any project for production deployment, performing security audits, or release preparation. Triggers on "make production ready", "security audit", "prepare for release", "hardening", "pre-deployment checklist".
Software supply chain security guidance covering SBOM generation, SLSA framework, dependency scanning, SCA tools, and protection against supply chain attacks like dependency confusion and typosquatting.
Implementing multi-layer security scanning (container, SAST, DAST, SCA, secrets), SBOM generation, and risk-based vulnerability prioritization in CI/CD pipelines. Use when building DevSecOps workflows, ensuring compliance, or establishing security gates for container deployments.