When is the best time to implement this skill?

This skill is specifically designed for the automation phase (typically weeks 5-8) of a security roadmap, following the initial foundation phase.

How does this skill improve supply chain security?

It implements SLSA provenance and vulnerability scanning to ensure that all software artifacts are verified, tracked, and free of known security flaws before deployment.

What is the primary focus of the Phase 2 Automation skill?

The primary focus is hardening the SDLC by integrating security gates, SBOM generation, and automated evidence collection into existing CI/CD pipelines.

Can this skill help with audit compliance?

Yes, it automates the collection of metrics and archival of evidence required for audits, ensuring every build is documented and failing builds are blocked.

SDLC Automation & Security Hardening

Name: SDLC Automation & Security Hardening
Author: adaptive-enforcement-lab

byadaptive-enforcement-lab

Deployment & DevOps

Automates secure software supply chain enforcement through CI/CD gates, SBOM generation, and vulnerability scanning.

About

This skill facilitates the second phase of SDLC hardening by integrating critical security controls directly into the CI/CD pipeline. It provides a structured framework for implementing automated gates that block insecure builds, generating Software Bill of Materials (SBOM) for transparency, and ensuring SLSA provenance. By automating evidence collection and metrics tracking, it helps teams maintain a verifiable audit trail while transitioning from foundational security setups to robust, automated enforcement in the production pipeline.

Key Features

Automated vulnerability scanning integration
Automated CI/CD security gate implementation
SLSA provenance tracking for supply chain integrity
0 GitHub stars
Software Bill of Materials (SBOM) generation
Automated evidence collection for audit compliance

Use Cases

Preventing insecure code artifacts from reaching production via automated pipeline failures.
Automating the archival of security metrics and evidence for regulatory compliance.
Hardening the software supply chain during the middle stages of a development lifecycle.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptive-enforcement-lab/claude-skills phase-2-automation-weeks-5-8

For use in Claude.ai and ChatGPT

Download Skill

GitHub