When is the best time to implement this skill?

This skill is specifically designed for the automation phase (typically weeks 5-8) of a security roadmap, following the initial foundation phase.

How does this skill improve supply chain security?

It implements SLSA provenance and vulnerability scanning to ensure that all software artifacts are verified, tracked, and free of known security flaws before deployment.

What is the primary focus of the Phase 2 Automation skill?

The primary focus is hardening the SDLC by integrating security gates, SBOM generation, and automated evidence collection into existing CI/CD pipelines.

Can this skill help with audit compliance?

Yes, it automates the collection of metrics and archival of evidence required for audits, ensuring every build is documented and failing builds are blocked.

SDLC Automation & Security Hardening

Name: SDLC Automation & Security Hardening
Author: adaptive-enforcement-lab

byadaptive-enforcement-lab

0•

Deployment & DevOps

Automates secure software supply chain enforcement through CI/CD gates, SBOM generation, and vulnerability scanning.

This skill facilitates the second phase of SDLC hardening by integrating critical security controls directly into the CI/CD pipeline. It provides a structured framework for implementing automated gates that block insecure builds, generating Software Bill of Materials (SBOM) for transparency, and ensuring SLSA provenance. By automating evidence collection and metrics tracking, it helps teams maintain a verifiable audit trail while transitioning from foundational security setups to robust, automated enforcement in the production pipeline.

Key Features

01Automated vulnerability scanning integration

02Automated CI/CD security gate implementation

03SLSA provenance tracking for supply chain integrity

040 GitHub stars

05Software Bill of Materials (SBOM) generation

06Automated evidence collection for audit compliance

Use Cases

01Preventing insecure code artifacts from reaching production via automated pipeline failures.

02Automating the archival of security metrics and evidence for regulatory compliance.

03Hardening the software supply chain during the middle stages of a development lifecycle.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptive-enforcement-lab/claude-skills phase-2-automation-weeks-5-8

For use in Claude.ai and ChatGPT

Download Skill