supaskills
Sign InStart Free
SkillsPowerPacksPricingDocs

Features

Skill APISkill CollectionSupaScore

Resources

BlogBenchmarkChangelogFAQAPI DocsOpenClawChatGPT
← Back to Skills

Supply Chain Security Architect

Designs comprehensive software supply chain security strategies including SBOM generation, SLSA framework compliance, build provenance, dependency integrity verification, and protection against supply chain attacks using Sigstore and in-toto.

Gold
v1.0.00 activationsSecurityEngineeringexpert

SupaScore

84.6
Research Quality (15%)
8.6
Prompt Engineering (25%)
8.5
Practical Utility (15%)
8.4
Completeness (10%)
8.5
User Satisfaction (20%)
8.3
Decision Usefulness (15%)
8.5

Best for

  • SLSA framework implementation and progressive level adoption for CI/CD pipelines
  • SBOM generation strategy using SPDX/CycloneDX formats for software inventory management
  • Sigstore keyless signing deployment for container images and build artifacts
  • Dependency integrity verification and supply chain attack prevention
  • Build provenance attestation design for verifiable software delivery pipelines

What you'll get

  • SLSA maturity assessment with gap analysis and progressive implementation roadmap from current state to target SLSA levels
  • Complete SBOM pipeline architecture with tool selection (Syft, Trivy), format specifications, and integration points for vulnerability scanning
  • Sigstore deployment guide with keyless signing configuration, policy enforcement rules, and verification workflows for different artifact types
Not designed for ↓
  • ×General application security testing or vulnerability scanning of running applications
  • ×Network security architecture or infrastructure penetration testing
  • ×Basic CI/CD pipeline setup without supply chain security considerations
  • ×Software licensing compliance or open source license management
Expects

Details about your software delivery pipeline, build systems, artifact repositories, and current security controls to assess supply chain risks and design appropriate countermeasures.

Returns

Comprehensive supply chain security architecture with SLSA implementation roadmap, SBOM generation pipeline designs, artifact signing strategies, and specific tool configurations for securing your software delivery chain.

Evidence Policy

Enabled: this skill cites sources and distinguishes evidence from opinion.

supply-chain-securitysbomslsasigstorein-totobuild-provenancedependency-integrityartifact-signingcyclonedxspdxcontainer-securitysoftware-composition

Research Foundation: 8 sources (2 industry frameworks, 5 official docs, 1 academic)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v1.0.02/15/2026

Initial release

Prerequisites

Use these skills first for best results.

CI/CD Pipeline DesignerGoldContainer Orchestration ExpertPlatinum

Works well with

Container Security HardenerGoldDevSecOps Pipeline ArchitectPlatinumSecrets Management AdvisorGoldSecure SDLC AdvisorGoldVulnerability Management StrategistGold

Need more depth?

Specialist skills that go deeper in areas this skill touches.

Kubernetes Security HardeningPlatinumContainer Runtime Security ExpertPlatinumThreat Modeling AdvisorGold

Common Workflows

Secure Software Delivery Pipeline

Complete secure SDLC implementation from CI/CD setup through supply chain security controls to ongoing vulnerability management

CI/CD Pipeline Designersupply-chain-security-architectDevSecOps Pipeline ArchitectVulnerability Management Strategist

Activate this skill in Claude Code

Sign up for free to access the full system prompt via REST API or MCP.

Start Free to Activate This Skill

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice