Supply Chain Risk Auditor

Plugin: Active
Part of: Trailofbits

Audit supply-chain threat landscape of project dependencies for exploitation or takeover risk

1 Skill 0 MCPs
Purpose

To help users identify and mitigate supply chain threats within their project's dependencies by flagging high-risk factors and suggesting safer alternatives.

Features

  • Analyzes direct project dependencies for supply chain risk factors.
  • Uses the 'gh' CLI to gather repository data (maintainers, activity, popularity, advisories, security contact) on each dependency.
  • Identifies dependencies with single maintainers, unmaintained status, low popularity, high-risk features, past CVEs, or missing security contacts.
  • Generates a detailed report with risk assessments and suggested alternatives.
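As an added illustration of the kind of heuristics listed above (example code written for this page, not the plugin's own implementation), the following Python script flags a dependency from a metadata dict that stands in for what the 'gh' CLI would return. The field names, the thresholds and the two sample projects are assumptions; the 'gh api' endpoints named in the comments are the standard GitHub REST endpoints a practitioner would query, not the plugin's actual commands.

```python
"""Toy supply-chain risk triage over GitHub repository metadata.

Added example, not the plugin's code. Each input dict stands in for data that
would normally be gathered with the gh CLI, for instance:
  gh api repos/OWNER/REPO                       -> stargazers_count, pushed_at, archived
  gh api repos/OWNER/REPO/contributors          -> per-contributor commit counts
  gh api repos/OWNER/REPO/contents/SECURITY.md  -> security contact present?
  gh api repos/OWNER/REPO/security-advisories   -> published advisories
All thresholds below are illustrative assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

UNMAINTAINED_DAYS = 365     # no push for a year -> treat as unmaintained (assumption)
LOW_STARS = 200             # popularity floor (assumption)
BUS_FACTOR_SHARE = 0.80     # one person authored >= 80% of commits (assumption)


@dataclass
class Assessment:
    name: str
    flags: list = field(default_factory=list)

    @property
    def risk(self) -> str:
        n = len(self.flags)
        return "high" if n >= 3 else "medium" if n >= 1 else "low"


def assess(dep: dict, now: datetime) -> Assessment:
    """Return the risk flags raised by one dependency's metadata."""
    a = Assessment(dep["name"])

    # Single maintainer: one contributor, or one person dominating the history.
    contribs = dep.get("contributors", [])
    total = sum(c["contributions"] for c in contribs) or 1
    top = max((c["contributions"] for c in contribs), default=0)
    if len(contribs) <= 1 or top / total >= BUS_FACTOR_SHARE:
        a.flags.append("single maintainer (bus factor 1)")

    # Unmaintained: archived, or no push within UNMAINTAINED_DAYS.
    pushed = datetime.fromisoformat(dep["pushed_at"].replace("Z", "+00:00"))
    idle = (now - pushed).days
    if dep.get("archived") or idle > UNMAINTAINED_DAYS:
        a.flags.append(f"unmaintained (last push {idle} days ago)")

    if dep.get("stargazers_count", 0) < LOW_STARS:
        a.flags.append("low popularity")

    # High-risk feature: code that runs at install time (assumed field).
    if dep.get("install_scripts"):
        a.flags.append("runs install-time scripts")

    if dep.get("advisory_count", 0) > 0:
        a.flags.append(f"{dep['advisory_count']} past advisories/CVEs")

    if not dep.get("has_security_md"):
        a.flags.append("no security contact (SECURITY.md missing)")
    return a


def report(deps: list, now: datetime) -> str:
    """Plain-text report, riskiest dependency first."""
    lines = []
    for a in sorted((assess(d, now) for d in deps), key=lambda x: -len(x.flags)):
        lines.append(f"{a.name}: {a.risk} risk")
        lines.extend(f"  - {f}" for f in a.flags)
    return "\n".join(lines)


# Constructed sample input; these are not real projects.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"name": "left-padder", "pushed_at": "2022-03-10T00:00:00Z", "stargazers_count": 40,
     "contributors": [{"login": "solo", "contributions": 120}],
     "install_scripts": True, "advisory_count": 0, "has_security_md": False},
    {"name": "bigframework", "pushed_at": "2024-12-20T00:00:00Z", "stargazers_count": 9000,
     "contributors": [{"login": "a", "contributions": 300}, {"login": "b", "contributions": 250}],
     "install_scripts": False, "advisory_count": 2, "has_security_md": True},
]

if __name__ == "__main__":
    print(report(SAMPLE, NOW))
```

Note that a past advisory on its own is not necessarily a bad sign; a project that publishes advisories and ships a SECURITY.md is often handling vulnerabilities better than one that has never disclosed anything, which is why the sample gives the well-maintained project a single flag rather than none and leaves the weighting to the reader.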

Use cases

  • Assessing the security posture of project dependencies.
  • Identifying potential vulnerabilities in the software supply chain.
  • Making informed decisions about replacing risky dependencies.
  • Scoping security engagements related to supply chain risks.

Non-goals

  • Performing active vulnerability scanning (e.g., CVE detection in source code).
  • Analyzing runtime dependencies.
  • Auditing license compliance.
  • Replacing dedicated security auditing tools.

Trust

  • Warning, issues need attention: 13 issues were opened and 4 closed in the last 90 days, a closure rate of approximately 24% (4 of 17), indicating slow response to open issues.

Installation

First add the marketplace, then install the plugin:

/plugin marketplace add trailofbits/skills
/plugin install supply-chain-risk-auditor@trailofbits

Quality score

77 /100
Analyzed about 18 hours ago

Trust signals

Last commit: 3 days ago
Stars: 5.2k
License: CC-BY-SA-4.0