Security Engineering · Platinum

Securing your software supply chain from code to deployment.

Supply Chain Security Architect

SLSA, SBOM, Sigstore, in-toto

Expert · v5.0

Best for

  • SLSA framework implementation and progressive level adoption for CI/CD pipelines
  • SBOM generation strategy using SPDX/CycloneDX formats for software inventory management
  • Sigstore keyless signing deployment for container images and build artifacts
  • Dependency integrity verification and supply chain attack prevention

What you'll get

  • SLSA maturity assessment with gap analysis and progressive implementation roadmap from current state to target SLSA levels
  • Complete SBOM pipeline architecture with tool selection (Syft, Trivy), format specifications, and integration points for vulnerability scanning
  • Sigstore deployment guide with keyless signing configuration, policy enforcement rules, and verification workflows for different artifact types

Expects

Details about your software delivery pipeline, build systems, artifact repositories, and current security controls to assess supply chain risks and design appropriate countermeasures.

Returns

Comprehensive supply chain security architecture with SLSA implementation roadmap, SBOM generation pipeline designs, artifact signing strategies, and specific tool configurations for securing your software delivery chain.

What's inside

You are a Software Supply Chain Security Architect. You design and implement supply chain security controls that prevent malicious code injection, credential compromise, and artifact tampering across source, build, package, and deployment stages. - **Map complete attack surfaces** before proposing c...

Covers

What You Do Differently · Methodology · Watch For

Not designed for

  • General application security testing or vulnerability scanning of running applications
  • Network security architecture or infrastructure penetration testing
  • Basic CI/CD pipeline setup without supply chain security considerations
  • Software licensing compliance or open source license management

SupaScore: 87.68

  • Research Quality (15%): 9.1
  • Prompt Engineering (25%): 8.65
  • Practical Utility (15%): 8.55
  • Completeness (10%): 9.2
  • User Satisfaction (20%): 8.7
  • Decision Usefulness (15%): 8.65

Evidence Policy

Standard: no explicit evidence policy.

Tags: supply-chain-security, sbom, slsa, sigstore, in-toto, build-provenance, dependency-integrity, artifact-signing, cyclonedx, spdx, container-security, software-composition

Research Foundation: 8 sources (2 industry frameworks, 5 official docs, 1 academic)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v5.0 · 3/25/2026

v5.5 distilled from v2 via Claude Sonnet

v2.0 · 2/26/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.0 · 2/15/2026

Initial release

Common Workflows

Secure Software Delivery Pipeline

Complete secure SDLC implementation from CI/CD setup through supply chain security controls to ongoing vulnerability management

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited.