Artifact Sbom Publisher

🌐Community
by monkey1sai · vlatest · Repository

Generates SBOMs from artifact data, streamlining supply chain security and compliance reporting for software projects.

Install on your platform


1. Run in terminal (recommended)

terminal:
claude mcp add artifact-sbom-publisher npx -- -y @trustedskills/artifact-sbom-publisher

2. Or manually add to ~/.claude/settings.json

~/.claude/settings.json:
{
  "mcpServers": {
    "artifact-sbom-publisher": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/artifact-sbom-publisher"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The artifact-sbom-publisher skill automates the publishing of Software Bill of Materials (SBOMs) for software artifacts. It generates SBOM documents, typically in formats like SPDX or CycloneDX, and publishes them to a designated repository or endpoint. This facilitates improved supply chain security and vulnerability management by providing detailed component information about deployed software.

When to use it

  • Automated Release Pipelines: Integrate into CI/CD pipelines to automatically generate and publish SBOMs with each new artifact release.
  • Software Supply Chain Compliance: Meet regulatory requirements or internal policies that mandate SBOM generation and distribution.
  • Vulnerability Management: Enable proactive identification and remediation of vulnerabilities by providing a comprehensive list of software components.
  • Internal Audits: Simplify the process of demonstrating software composition for security audits.

Key capabilities

  • SBOM Generation (SPDX, CycloneDX)
  • Automated Publishing to Repositories/Endpoints
  • Integration with CI/CD pipelines

Example prompts

  • "Publish an SBOM for artifact my-app-1.2.3 in SPDX format."
  • "Generate a CycloneDX SBOM and publish it to the internal artifact repository."
  • "Create an SBOM for this Docker image, including all dependencies."

Tips & gotchas

The skill requires appropriate credentials or access permissions to publish to the target repository or endpoint. Ensure these are configured correctly before execution.


TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust Hub: Pass
Socket: Pass
Snyk: Pass

Details

Version: vlatest
License:
Author: monkey1sai
Installs: 4


Passed automated security scans.