enterprise-readiness
Enterprise Readiness Assessment
When to Use
- Production/enterprise readiness evaluations
- Supply chain security: SLSA provenance, cosign signing, SBOMs
- CI/CD hardening, workflow permissions
- OpenSSF Best Practices (Passing/Silver/Gold), OSPS Baseline (L1/2/3)
- Scorecard optimization (Token-Permissions, Branch-Protection, Pinned-Deps)
- Code review, ADRs, changelogs, SECURITY.md
Assessment Workflow
- Discovery: Identify platform, languages, existing CI/CD, dependabot.yml
- Scoring: Apply checklists; check Scorecard, badge criteria, coverage
- Gap Analysis: List missing controls by severity
- Implementation: Apply fixes (SHA-pin actions, harden permissions, add workflows)
- Verification: Re-score and compare
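A sketch of the Discovery and Gap Analysis steps for two of the Scorecard checks named above (Pinned-Deps and Token-Permissions), added here as an example and not part of the skill itself. It is a simplified line-based scan, not Scorecard's own logic; the sample workflow, the 40-character SHA in it, and all function names are constructed for illustration.

```python
import re

# Constructed sample workflow (not taken from the skill or any real repository).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - run: make test
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
TOP_LEVEL_PERMS_RE = re.compile(r"^permissions:", re.MULTILINE)

def unpinned_actions(workflow_text):
    """Return (line_no, ref) for every `uses:` that is not immutably pinned."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./"):            # local action, versioned with the repo
            continue
        if ref.startswith("docker://"):     # container image: require a digest
            if not DIGEST_RE.search(ref):
                findings.append((no, ref))
            continue
        version = ref.partition("@")[2]     # tags and branches are mutable
        if not FULL_SHA_RE.match(version):
            findings.append((no, ref))
    return findings

def has_top_level_permissions(workflow_text):
    """True only for a workflow-level block; job-level blocks are indented."""
    return bool(TOP_LEVEL_PERMS_RE.search(workflow_text))

def gap_report(workflow_text):
    gaps = [f"line {no}: {ref} is not pinned to a full commit SHA or image digest"
            for no, ref in unpinned_actions(workflow_text)]
    if not has_top_level_permissions(workflow_text):
        gaps.append("no top-level permissions: block restricting the token")
    return gaps

if __name__ == "__main__":
    print("\n".join(gap_report(SAMPLE_WORKFLOW)))
```

Running the same functions again after the Implementation step gives the before/after comparison the Verification step asks for.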