SkillArea overview
Reference · liveskill-area:supply-chain-security
Software Supply Chain Security overview
SLSA framework, signed builds (Sigstore/cosign), provenance, artifact attestations, and reproducible builds.
Attributes
displayName
Software Supply Chain Security
description
SLSA framework, signed builds (Sigstore/cosign), provenance,
artifact attestations, and reproducible builds.
domains
expertiseLevels
- expert
- authoritative
Outgoing edges
applies_to (1)
- specialization:security-research · Specialization
Incoming edges
lib_requires_skill_area (3)
- lib-skill:code-migration-modernization--dependency-scanner · LibrarySkill: dependency-scanner
- lib-skill:code-migration-modernization--license-compliance-checker · LibrarySkill: license-compliance-checker
- lib-skill:security-compliance--dependency-scanner · LibrarySkill: dependency-scanner
prerequisite_for_learning (2)
- skill-area:application-security · SkillArea: Application Security
- skill-area:SBOM-management · SkillArea: SBOM Management
requires_expertise (5)
- responsibility:dependency-security · Responsibility: Dependency security
- responsibility:supply-chain-integrity · Responsibility: Software supply chain integrity
- role:dependency-updater-bot · Role: Dependency Updater (Bot)
- role:security-engineer · Role: Security Engineer
- role:security-reviewer · Role: Security Reviewer
requires_skill_area (4)
- stack-profile:container-registry-scanning · StackProfile: Container Registry & Scanning (Docker, Trivy, Kubernetes, Go, Snyk)
- workflow:open-source-security-disclosure · Workflow: Open Source Security Disclosure
- workflow:fundraising-due-diligence-preparation · Workflow: Fundraising Due Diligence Preparation
- workflow:supply-chain-attack-simulation · Workflow: Supply Chain Attack Simulation