No. 132 · security

Supply Chain Security

Secure your dependencies and build pipeline

Version 1.0.0 · License MIT · Format SKILL.md

Secure the software supply chain: verify package integrity, use lockfiles, audit dependencies, set up SBOM generation, and protect CI/CD pipelines.

When to use this skill

  • Auditing npm dependencies
  • Generating an SBOM
  • Verifying package signatures

Core concepts

This skill provides guidance on supply chain security best practices, patterns, and common pitfalls. It is designed to be loaded on demand when a relevant task is detected.

Installation

curl -LO https://opencode-skills.example/downloads/security/supply-chain-security.zip
unzip supply-chain-security.zip -d ~/.config/opencode/skills/

Restart OpenCode — the skill loads automatically.

When it triggers

  • auditing npm dependencies
  • generating an SBOM
  • verifying package signatures