Can I use this for containerized applications?

Yes, it includes specific patterns for container image attestation, including support for GitHub Container Registry (GHCR) and multi-stage builds.

Does it work with existing CI/CD tools?

The skill is optimized for GitHub Actions using the slsa-framework generators, but the principles and verification patterns can be adapted to other environments.

What is SLSA provenance?

SLSA provenance is metadata about a software artifact that describes how it was built, providing a verifiable, cryptographic link between the source code and the final binary or package.

Which programming languages does this skill support?

This skill provides specialized integration patterns and best practices for Go, Node.js (npm), and Python (PyPI) toolchains.

SLSA Toolchain Integration

Name: SLSA Toolchain Integration
Author: adaptive-enforcement-lab

byadaptive-enforcement-lab

Seguridad y Pruebas

Integrates SLSA provenance generation and dependency verification across Go, Node.js, and Python toolchains.

Acerca de

This skill enables developers to implement Supply-chain Levels for Software Artifacts (SLSA) Level 3 provenance within their build pipelines. It provides specialized guidance for Go, Node.js, and Python projects to generate cryptographic integrity proofs for binaries, packages, and container images. By automating the integration of tools like GoReleaser, npm, and pip, the skill ensures that software artifacts are verifiable, tamper-proof, and meet modern supply chain security standards throughout the CI/CD lifecycle.

Características Principales

0 GitHub stars
Automated SLSA Level 3 provenance generation for multiple languages
Dependency lockfile verification for Go, npm, and Python environments
Cryptographic attestation for container images and multi-platform builds
Integration patterns for GitHub Actions and package registries
Guidance for multi-artifact builds and cross-compilation workflows

Casos de Uso

Securing CI/CD pipelines against supply chain attacks and unauthorized tampering
Automating package integrity verification during the build and release process
Meeting regulatory and compliance requirements for software artifact traceability

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptive-enforcement-lab/claude-skills slsa-provenance-toolchain-integration

For use in Claude.ai and ChatGPT

Download Skill

GitHub