tag

supply-chain▌

19 indexed skills · max 10 per page

skills (19)

implementing-code-signing-for-artifacts

mukul975/Anthropic-Cybersecurity-Skills · implementing-code-signing-for-artifacts

This skill covers implementing code signing for build artifacts to ensure integrity and authenticity throughout the software supply chain. It addresses signing binaries, packages, and containers using GPG, Sigstore, and platform-specific signing tools, establishing trust chains, and verifying signatures in deployment pipelines.

performing-container-security-scanning-with-trivy

mukul975/Anthropic-Cybersecurity-Skills · performing-container-security-scanning-with-trivy

Scan container images, filesystems, and Kubernetes manifests for vulnerabilities, misconfigurations, exposed secrets, and license compliance issues using Aqua Security Trivy with SBOM generation and CI/CD integration.

implementing-aqua-security-for-container-scanning

mukul975/Anthropic-Cybersecurity-Skills · implementing-aqua-security-for-container-scanning

Deploy Aqua Security's Trivy scanner to detect vulnerabilities, misconfigurations, secrets, and license issues in container images across CI/CD pipelines and registries.

detecting-typosquatting-packages-in-npm-pypi

mukul975/Anthropic-Cybersecurity-Skills · detecting-typosquatting-packages-in-npm-pypi

Detects typosquatting attacks in npm and PyPI package registries by analyzing package name similarity using Levenshtein distance and other string metrics, examining publish date heuristics to identify recently created packages mimicking established ones, and flagging download count anomalies where suspicious packages have disproportionately low usage compared to their legitimate targets. The analyst queries the PyPI JSON API and npm registry API to gather package metadata for automated comparison. Activates for requests involving package typosquatting detection, dependency confusion analysis, malicious package identification, or software supply chain threat hunting in package registries.

exploiting-broken-link-hijacking

mukul975/Anthropic-Cybersecurity-Skills · exploiting-broken-link-hijacking

Discover and exploit broken link hijacking vulnerabilities by identifying references to expired domains, decommissioned cloud resources, and dead external services that can be claimed by an attacker.

analyzing-supply-chain-malware-artifacts

mukul975/Anthropic-Cybersecurity-Skills · analyzing-supply-chain-malware-artifacts

Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines, and sideloaded dependencies to identify intrusion vectors and scope of compromise.

implementing-container-image-minimal-base-with-distroless

mukul975/Anthropic-Cybersecurity-Skills · implementing-container-image-minimal-base-with-distroless

Reduce container attack surface by building application images on Google distroless base images that contain only the application runtime with no shell, package manager, or unnecessary OS utilities.

performing-supply-chain-attack-simulation

mukul975/Anthropic-Cybersecurity-Skills · performing-supply-chain-attack-simulation

Simulate and detect software supply chain attacks including typosquatting detection via Levenshtein distance, dependency confusion testing against private registries, package hash verification with pip, and known vulnerability scanning with pip-audit.

discover-industrial-opportunities

americanreindustrialization.com/discover-industrial-opportunities-tdvqp0 · directory

Discover companies, startups, suppliers, and job opportunities across American reindustrialization — manufacturing, energy, defense, aerospace, robotics, semiconductors, and industrial software — via the site's public JSON REST API at /api/* (companies, jobs, categories, tags).

prevpage 2 / 2next