How does it help with OpenSSF compliance?

It provides checklists, automation scripts, and templates specifically aligned with the OpenSSF Best Practices Badge requirements for Passing, Silver, and Gold levels.

What is the Enterprise Readiness skill?

It is a specialized capability for Claude Code that helps developers assess and improve software projects for security, quality, and production readiness based on industry standards.

What frameworks does this skill support?

It is aligned with major industry frameworks including SLSA (Supply-chain Levels for Software Artifacts), S2C2F, and the OpenSSF Scorecard.

Can it help secure CI/CD pipelines?

Yes, it includes hardened GitHub Action templates and critical security rules to prevent common vulnerabilities like script injection and insecure dependency management.

Is this skill only for GitHub projects?

While it features deep integration for GitHub-hosted projects, it includes general reference materials, scoring systems, and principles applicable to GitLab and other development platforms.

Enterprise Readiness Assessment

Name: Enterprise Readiness Assessment
Author: netresearch

bynetresearch

•

安全与测试

Assess and enhance software projects for enterprise-grade security, quality, and supply chain automation.

关于

This skill provides a comprehensive framework for evaluating software projects against enterprise standards, including security hardening, supply chain integrity, and quality automation. It streamlines the implementation of OpenSSF Scorecard criteria, SLSA levels, and SBOM generation while providing automated scripts for CI/CD hardening. Whether you're preparing a project for production or pursuing industry-standard security badges, this tool offers the templates, workflows, and scoring systems needed to ensure your code meets rigorous professional requirements.

主要功能

Supply chain security implementation (SLSA, SBOMs, Cosign)
9 GitHub stars
OpenSSF Scorecard and Best Practices Badge assessment
Hardened CI/CD workflow templates for GitHub and GitLab
Documentation templates for governance, architecture, and security audits
Automated security scoring and gap analysis

使用场景

Preparing an open-source project for enterprise adoption or production use
Implementing SLSA Level 3 build attestation and reproducible builds
Hardening GitHub Actions pipelines against script injection and insecure dependencies

关于

主要功能

Supply chain security implementation (SLSA, SBOMs, Cosign)
9 GitHub stars
OpenSSF Scorecard and Best Practices Badge assessment
Hardened CI/CD workflow templates for GitHub and GitLab
Documentation templates for governance, architecture, and security audits
Automated security scoring and gap analysis

使用场景

Preparing an open-source project for enterprise adoption or production use
Implementing SLSA Level 3 build attestation and reproducible builds
Hardening GitHub Actions pipelines against script injection and insecure dependencies