enforce-sbom


Enforce SBOM

Add an SBOM Policy Enforcement step (step type SscaEnforcement, or CdSscaEnforcement in a CD stage) to an existing Harness pipeline. The step verifies the artifact's SBOM attestation (when attestation verification is enabled) and evaluates the configured SBOM OPA policy sets against the artifact's bill of materials.

This skill only works with existing pipelines — do not create standalone enforcement-only pipelines.

Prerequisites: An SBOM must already exist for the artifact (typically from SscaOrchestration via /create-sbom or SBOM ingestion). SBOM policy sets must exist (/create-policy).

Supported stages: CI, CD (Deployment), and Security — same as SBOM Orchestration. CD requires a containerized step group with container-based execution.

Guide the user through a step-by-step interactive wizard (same UX as /create-sbom):

  • Wizard: references/interactive-wizard-flow.md
  • UI ↔ YAML: references/sbom-enforcement-step.md
  • CD containerized step groups (new or existing Deploy stage): skills/create-sbom/references/cd-containerized-step-group.md
Installs: 9 · GitHub Stars: 46 · First Seen: Jun 5, 2026 · Repository: harness/harness-skills (enforce-sbom)