| name | supply-chain-security |
| description | Software supply chain security reference for OpenSSF Scorecard, SLSA, Sigstore, SBOM, and posture/backlog taxonomies. |
| license | MIT |
| user-invocable | true |
Supply Chain Security
This skill packages the durable software supply chain security (SSSC) reference material: open-standard catalogs, the combined capabilities inventory, and the classification taxonomies used to assess a repository's posture and turn gaps into prioritized work items.
When to use
Use this skill when you need to:
- Assess a repository against the 27 combined supply chain capabilities from hve-core and physical-ai-toolchain.
- Map posture against OpenSSF Scorecard, SLSA v1.0, OpenSSF Best Practices Badge, Sigstore (cosign), or NTIA SBOM minimum elements.
- Classify a gap by adoption category, effort size, or qualitative concern level.
- Derive work item priority and execution order from Scorecard risk levels.
Skill layout
Load the reference file for the topic you need. Each file holds the verbatim standard catalog or taxonomy.
Attribution
Standard catalogs in this skill derive from their respective upstream projects. Per-reference attribution appears at the bottom of each reference file. See references/00-index.md for the consolidated attribution summary.