dependency-scanning


Dependency Scanning

Purpose

If a target is provided via arguments, focus the review on: $ARGUMENTS

Identify known vulnerabilities, license compliance violations, and supply chain risks across all project dependencies, including transitive (indirect) dependencies. This skill produces a structured assessment aligned with SLSA v1.0 build integrity levels and emits findings compatible with the CycloneDX and SPDX SBOM formats.

Trigger Conditions

This skill activates when any of the following are present:

  • A package manifest is shared or referenced: package.json, package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, Pipfile.lock, poetry.lock, go.mod, go.sum, pom.xml, build.gradle, Cargo.toml, Cargo.lock, Gemfile.lock, composer.lock.
  • The user asks about dependency security, vulnerability scanning, SBOM generation, or supply chain risk.
  • A CI/CD pipeline configuration references dependency audit steps.
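As an added example, not part of this skill's own code, the following Python builds a CycloneDX 1.5 document from an npm package-lock.json (one of the manifests listed above): every lockfile entry becomes a component, direct and transitive scope are marked, nested node_modules copies are resolved the way npm does, and entries with no integrity hash are reported as a supply chain finding. The lockfile contents and package names are constructed, and the scan:scope property name is an assumption.

```python
import json
from urllib.parse import quote
# Constructed sample lockfile v3 (hypothetical package names): two direct dependencies,
# one transitive dependency present at two versions, one entry lacking an integrity hash.
SAMPLE_LOCK = json.loads("""{"name": "demo-app", "lockfileVersion": 3, "packages": {
  "": {"name": "demo-app", "version": "1.0.0",
       "dependencies": {"left-pad": "^1.3.0", "@scope/util": "^2.0.0"}},
  "node_modules/left-pad": {"version": "1.3.0", "integrity": "sha512-AAAA",
       "dependencies": {"deep-dep": "^0.1.0"}},
  "node_modules/deep-dep": {"version": "0.1.4", "integrity": "sha512-BBBB"},
  "node_modules/@scope/util": {"version": "2.0.0", "integrity": "sha512-CCCC",
       "dependencies": {"deep-dep": "^0.2.0"}},
  "node_modules/@scope/util/node_modules/deep-dep": {"version": "0.2.1"}}}""")

def pkg_name(path):  # everything after the last 'node_modules/', keeps the @scope/ prefix
    return path.rsplit("node_modules/", 1)[1]

def purl(name, version):  # npm Package URL; the '@' of a scope is percent-encoded
    return f"pkg:npm/{quote(name, safe='/')}@{version}"

def resolve(packages, from_path, dep):
    """Mimic npm lookup: nearest node_modules/<dep> walking up from from_path."""
    base = from_path
    while True:
        cand = f"{base}/node_modules/{dep}" if base else f"node_modules/{dep}"
        if cand in packages:
            return cand
        if not base:
            return None  # dangling reference: the lockfile is inconsistent
        base = base.rsplit("/node_modules/", 1)[0] if "/node_modules/" in base else ""

def build_sbom(lock):
    """Return (cyclonedx_dict, findings); every entry, transitive included, is a component."""
    packages, root = lock["packages"], lock["packages"][""]
    direct = set(root.get("dependencies", {}))
    refs = {p: purl(pkg_name(p) if p else root["name"], m["version"]) for p, m in packages.items()}
    components, graph, findings = [], [], []
    for path, meta in packages.items():
        if path:
            name = pkg_name(path)
            scope = "direct" if name in direct and path == f"node_modules/{name}" else "transitive"
            components.append({"type": "library", "bom-ref": refs[path], "name": name, "purl": refs[path],
                               "version": meta["version"], "properties": [{"name": "scan:scope", "value": scope}]})
            if "integrity" not in meta:  # nothing pins the tarball contents
                findings.append(f"{refs[path]}: no integrity hash in lockfile")
        targets = [resolve(packages, path, d) for d in meta.get("dependencies", {})]
        graph.append({"ref": refs[path], "dependsOn": [refs[t] for t in targets if t]})
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1, "components": components,
            "metadata": {"component": {"type": "application", "bom-ref": refs[""], "name": root["name"],
                                       "version": root["version"]}}, "dependencies": graph}, findings
```

Calling `build_sbom(SAMPLE_LOCK)` yields four components (two direct, two transitive) and one finding for the nested deep-dep copy that has no integrity hash.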

SBOM Generation Guidance

What Is an SBOM

First Seen: May 4, 2026
dependency-scanning — unitoneai/securityskills