- Home
- Skills
- Questnova502
- Claude Skills Sync
- Enterprise Readiness
enterprise-readiness_skill
- Python
1
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill questnova502/claude-skills-sync --skill enterprise-readiness- SKILL.md4.3 KB
Overview
This skill assesses and enhances software projects for enterprise-grade security, quality, and automation. It provides checklists, templates, and scripts to evaluate production readiness and implement supply chain protections aligned with OpenSSF, SLSA, and Best Practices Badge guidance. Use it to produce a scored readiness report and prioritized remediation plan.
How this skill works
The skill discovers project metadata (platform, languages, CI) and runs stack-specific checklists to compute a readiness score. It maps findings to OpenSSF Badge criteria, performs a gap analysis by severity, and provides automation playbooks and workflow templates to remediate issues. Scripts and templates speed implementation for SBOMs, signing, CI hardening, and quality gates.
When to use it
- Before promoting a project to production or enterprise distribution
- When implementing supply chain security: SLSA, signed releases, SBOMs
- To harden CI/CD pipelines and enforce developer controls
- When pursuing OpenSSF Best Practices Badge (passing/silver/gold)
- To establish automated quality gates and coverage thresholds
Best practices
- Discover platform and CI first to load relevant references and workflows
- Use SHA-pinned GitHub Actions and verify commit hashes from the API
- Avoid interpolating runtime event variables in run: blocks to prevent script injection
- Automate verification (badge checks, coverage, signed tags) with provided scripts
- Document governance, architecture, and security decisions with provided templates
Example use cases
- Run a readiness scan to get an A–F grade and a prioritized remediation list
- Integrate SLSA provenance and cosign signing into existing CI for release integrity
- Adopt templates and workflows to meet Silver/Gold Best Practices Badge requirements
- Add automated checks for SPDX headers, branch coverage, and PR review rules
- Harden a mono-repo CI pipeline by pinning actions and enforcing secure secrets handling
FAQ
A score of 90–100 (grade A) indicates enterprise-ready; 80–89 is production-ready.
Can I use the workflows on GitLab?
Workflows are provided as GitHub Actions; adapt CI steps and scripts to GitLab CI or other runners as needed.