Software Composition Analysis (SCA) using Synopsys Black Duck for identifying open source vulnerabilities, license compliance risks, and supply chain security threats with CVE, CWE, and OWASP framework mapping. Use when: (1) Scanning dependencies for known vulnerabilities and security risks, (2) Analyzing open source license compliance and legal risks, (3) Identifying outdated or unmaintained dependencies, (4) Integrating SCA into CI/CD pipelines for continuous dependency monitoring, (5) Providing remediation guidance for vulnerable dependencies with CVE and CWE mappings, (6) Assessing supply chain security risks and third-party component threats.
Inherits all available tools
This skill inherits all available tools. When active, it can use any tool Claude has access to.
Additional assets for this skill
assets/blackduck_config.yml
assets/ci-config-template.yml
assets/ci_integration/github_actions.yml
assets/ci_integration/gitlab_ci.yml
assets/ci_integration/jenkins_pipeline.groovy
assets/policy_templates/security_policy.json
assets/rule-template.yaml
references/EXAMPLE.md
references/WORKFLOW_CHECKLIST.md
references/cve_cwe_owasp_mapping.md
references/license_risk_guide.md
references/remediation_strategies.md
references/supply_chain_threats.md