What is included in the final assessment report?

The report includes an executive summary with a letter grade, a list of critical blockers, detailed findings across six dimensions, and a prioritized improvement roadmap.

How does the Dynamic Denominator scoring work?

It calculates your score by only considering checks applicable to your specific technology stack (e.g., specific language or CI/CD platform), ensuring a fair and accurate assessment of your project's maturity.

Does it work with platforms other than GitHub?

While it has deep integration for GitHub, it includes universal security checks and templates applicable to GitLab, Bitbucket, and Azure DevOps.

What security frameworks are covered by this skill?

The skill provides alignment with OpenSSF Scorecard, OpenSSF Best Practices Badge (Passing, Silver, and Gold), SLSA Framework (Levels 1-3), and S2C2F for secure dependency consumption.

Can this skill help me achieve an OpenSSF Best Practices badge?

Yes, it includes detailed criteria for all badge levels and provides a gap analysis to show exactly what requirements are missing and how to implement them.

Enterprise Readiness Assessment

Name: Enterprise Readiness Assessment
Author: netresearch

bynetresearch

•

Seguridad y Pruebas

Assesses and enhances software projects for enterprise-grade security, quality, and supply chain automation.

This comprehensive framework enables developers to systematically evaluate and improve their software projects against industry-leading standards like OpenSSF Scorecard, SLSA, and S2C2F. It provides a structured approach to identifying security gaps, hardening CI/CD pipelines, and implementing robust quality gates. By using a dynamic scoring model tailored to your specific tech stack, the skill helps you move from basic development to enterprise-grade maturity, offering specific implementation patterns for provenance, signing, and policy enforcement.

Características Principales

01Automated CI/CD hardening patterns to prevent script injection and supply chain attacks

02Multi-platform support for GitHub, GitLab, and major programming languages

037 GitHub stars

04Dynamic scoring against OpenSSF Scorecard and Best Practices Badge criteria

05Comprehensive gap analysis with prioritized remediation roadmaps

06SLSA Level 3 provenance implementation for secure build pipelines

Casos de Uso

01Preparing a repository for production deployment in a high-security environment

02Implementing supply chain integrity controls including SBOMs and keyless signing

03Achieving and maintaining OpenSSF Best Practices certification (Passing, Silver, and Gold levels)

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add netresearch/claude-code-marketplace enterprise-readiness

For use in Claude.ai and ChatGPT

Download Skill