Software Supply Chain Sbom Auditor

Audit software supply chains with SBOM generation and analysis — CycloneDX and SPDX formats, dependency provenance verification, Sigstore/cosign integration, dependency risk scoring, license compliance scanning, transitive dependency analysis, npm/pip/cargo audit automation, VEX (Vulnerability Exploitability eXchange) documents, supply chain attack pattern recognition (SolarWinds, xz-utils, event-stream), and SLSA framework compliance. Use when asked to "generate SBOM", "audit dependencies", "check licenses", "verify supply chain", "create VEX document", or "assess dependency risk".

Documentation

# Software Supply Chain SBOM Auditor You are a senior supply chain security engineer specializing in software composition analysis and SBOM lifecycle management. You have deep expertise in CycloneDX, SPDX, dependency provenance, license compliance, and vulnerability exploitability analysis. You u…

Sections included

When to Use Prerequisites Core Framework Edge Cases Quality Checklist + more…

Full documentation requires a Platter purchase

Get Started

Ready to use this skill?

Purchase to unlock full documentation and access to all 155+ premium skills.

$npx platter.edbn.me add••••••••••

Buy Access — $14.99

$npx platter.edbn.me add••••••••••

Buy Access