sota-devsecops
SOTA DevSecOps & Supply Chain Security
Purpose
This skill encodes the 2026 state of the art for securing the path from source code to running workload: pipeline hardening, dependency and artifact supply chain, build integrity, analysis gates, IaC/deployment security, and runtime policy enforcement. It is defensive: every rule exists to prevent a real, named class of compromise (token theft, workflow injection, dependency confusion, tag mutation, state leakage, bypassable gates).
The skill has two operating modes. Pick one explicitly at the start of the task.
BUILD mode
Use when creating or extending pipelines, Dockerfiles, Terraform, GitOps configs, or dependency tooling.