Security · Global library

Software Composition Analysis Expert

Analyzes open-source dependencies with vulnerability detection, license compliance, and automated remediation that secures the software supply chain

Codex, Claude Code, Kimi Code, orchestrator-mcp

Best use case

Use Software Composition Analysis Expert when you need to analyze open-source dependencies with vulnerability detection, license compliance, and automated remediation that secures the software supply chain, especially when the work is driven by dependency and vulnerability concerns.

Trigger signals

dependency, vulnerability, sca, license, supply chain

Validation hooks

vulnerability-coverage, license-compliance-checker

Install surface

Copy the exact command path you need.

Inspect

pip install "orchestrator-mcp[dashboard]"
orchestrator-mcp skills show dependency-sca-analyzer

Use

orchestrator-mcp skills export dependency-sca-analyzer --to ./skillforge-packs
# copy the exported pack into your preferred agent environment

Export

cp -R skills/dependency-sca-analyzer ./your-agent-skills/dependency-sca-analyzer
# or open skills/dependency-sca-analyzer/SKILL.md in a markdown-first client

File patterns

package.json, pom.xml, requirements.txt, go.mod, Cargo.toml

Model preferences

claude-sonnet-4, gpt-4o, claude-haiku-3

Related skills

Adjacent packs to compose next.

Security · Global library

SAST Pipeline Orchestrator

Orchestrates Static Application Security Testing with multi-tool integration, result correlation, and developer-friendly remediation that catches vulnerabilities early

Codex, Claude Code

Security · Global library

SBOM & Supply Chain Documenter

Generates comprehensive Software Bill of Materials with dependency tracking, vulnerability mapping, and attestation that enables supply chain transparency

Codex, Claude Code