dependency-supply-chain-security
Manage dependencies and supply chain security to prevent vulnerable or malicious packages. Use this skill when you need to audit dependencies, update packages, check for vulnerabilities, understand supply chain attacks, or maintain dependency security. Triggers include "dependencies", "npm audit", "supply chain", "package security", "vulnerability", "npm update", "security audit", "outdated packages".
cicd-expert
Elite CI/CD pipeline engineer specializing in GitHub Actions, GitLab CI, Jenkins automation, secure deployment strategies, and supply chain security. Expert in building efficient, secure pipelines with proper testing gates, artifact management, and ArgoCD/GitOps patterns. Use when designing pipelines, implementing security gates, or troubleshooting CI/CD issues.
CI/CD Pipeline Security Expert
Expert in CI/CD pipeline design with a focus on secret management, code signing, artifact security, and supply chain protection for desktop application builds.
devsecops-expert
Expert DevSecOps engineer specializing in secure CI/CD pipelines, shift-left security, security automation, and compliance as code. Use when implementing security gates, container security, infrastructure scanning, secrets management, or building secure supply chains.
security-scan
Quick routine security checks for secrets, dependencies, and common vulnerabilities. Run frequently during development. Triggers: security scan, quick scan, secrets check, vulnerability check, security check, pre-commit security, routine security.
dependency-scan
Scans project dependencies for known vulnerabilities, outdated packages, and license compliance issues. Trigger keywords: dependency, vulnerability, CVE, npm audit, outdated, license, supply chain, SBOM.
working-with-provenance
Use when tracing Konflux builds from image references, finding build logs from artifacts, or verifying source commits for container images. Extracts provenance attestations to navigate from images back to builds and source code.
security-practices
Modern security standards, including Zero Trust Architecture, supply chain security, DevSecOps integration, and cloud-native protection.
dependency-auditor
Automated security auditing of project dependencies to identify known vulnerabilities.
vulnerability-scanner
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
enterprise-readiness
Assess and enhance software projects for enterprise-grade security, quality, and automation. Use when evaluating projects for production readiness, implementing supply chain security (SLSA, signing, SBOMs), hardening CI/CD pipelines, or establishing quality gates. Aligned with OpenSSF Scorecard, Best Practices Badge (all levels), SLSA, and S2C2F. By Netresearch.