Does it support automated vulnerability detection?

Yes, the skill is designed to catch known CVEs in code, dependencies, and containers before they are deployed to production.

Can this skill help with compliance requirements?

Yes, by generating Software Bill of Materials (SBOMs), it helps document your supply chain for various security and regulatory compliance standards.

What is the benefit of using GitHub Apps over PATs?

GitHub Apps provide a more secure, fine-grained, and auditable method of authentication compared to Personal Access Tokens (PATs), which is a key recommendation of this skill.

How does this skill differ from the Enforce skill?

While the Secure skill focuses on finding and fixing vulnerabilities through scanning and documentation, the Enforce skill focuses on making security policies mandatory through blocking mechanisms and automation.

Secure Code & Supply Chain

Name: Secure Code & Supply Chain
Author: adaptive-enforcement-lab

byadaptive-enforcement-lab

0•

Security & Testing

Identifies and remediates security vulnerabilities, manages SBOMs, and secures software supply chains using automated scanning and best practices.

The Secure skill empowers Claude to proactively discover and fix security issues across codebases, dependencies, and containers before they escalate into incidents. It integrates industry-standard security practices such as automated vulnerability scanning for CVEs, generation of Software Bill of Materials (SBOMs) for compliance, and implementation of secure GitHub App authentication. By leveraging tools like OpenSSF Scorecard, this skill helps developers measure their security posture and remediate supply chain weaknesses, providing a comprehensive toolkit for maintaining a robust security lifecycle.

Key Features

01Comprehensive SBOM generation and dependency documentation

02Automated vulnerability scanning for known CVEs

030 GitHub stars

04Secure GitHub App authentication implementation

05Remediation workflows for fixing supply chain weaknesses

06Security posture measurement via OpenSSF Scorecard integration

Use Cases

01Auditing project dependencies for high-risk vulnerabilities and outdated packages

02Generating an SBOM to comply with supply chain transparency standards

03Replacing Personal Access Tokens with secure, auditable GitHub App authentication

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptive-enforcement-lab/claude-skills secure

For use in Claude.ai and ChatGPT

Download Skill