README

Netresearch AI skill for assessing and enhancing software projects to meet enterprise-grade standards for security, quality, and automation.

🔌 Compatibility

This is an Agent Skill following the open standard originally developed by Anthropic and released for cross-platform use.

Supported Platforms:

✅ Claude Code (Anthropic)
✅ Cursor
✅ GitHub Copilot
✅ Other skills-compatible AI agents

Skills are portable packages of procedural knowledge that work across any AI agent supporting the Agent Skills specification.

Features

OpenSSF Framework Alignment - Complete coverage across Scorecard, Best Practices Badge (Passing/Silver/Gold), SLSA, and S2C2F
Dynamic Scoring - Fair cross-stack assessment with platform/language-specific criteria
Supply Chain Security - SLSA provenance, artifact signing, SBOM generation, dependency scanning
Quality Gates - Testing layers, coverage thresholds, static analysis, secret scanning
Automation Scripts - Ready-to-use scripts for security hardening and compliance checks
Badge Progression - Guided path from Passing → Silver → Gold certification

Installation

Marketplace (Recommended)

Add the Netresearch marketplace once, then browse and install skills:

# Claude Code
/plugin marketplace add netresearch/claude-code-marketplace

npx (skills.sh)

Install with any Agent Skills-compatible agent:

npx skills add https://github.com/netresearch/enterprise-readiness-skill --skill enterprise-readiness

Download Release

Download the latest release and extract to your agent's skills directory.

Git Clone

git clone https://github.com/netresearch/enterprise-readiness-skill.git

Composer (PHP Projects)

composer require netresearch/enterprise-readiness-skill

Requires netresearch/composer-agent-skill-plugin.

Usage

The skill triggers on keywords like:

"enterprise readiness", "production ready"
"OpenSSF", "security scorecard", "best practices badge"
"SLSA", "supply chain security", "SBOM"
"quality gates", "CI/CD hardening"

Example Prompts

"Assess this project for enterprise readiness"
"What's needed for OpenSSF Best Practices Silver badge?"
"Help me reach SLSA Level 2"
"Set up supply chain security for this Go project"

Structure

enterprise-readiness/
├── SKILL.md              # AI instructions
├── README.md             # This file
├── LICENSE-MIT           # Code license (MIT)
├── LICENSE-CC-BY-SA-4.0  # Content license (CC-BY-SA-4.0)
├── composer.json         # PHP distribution
├── references/           # OpenSSF criteria documentation
│   ├── general.md        # Universal checks (60 points)
│   ├── github.md         # GitHub-specific (40 points)
│   ├── go.md             # Go-specific (20 points)
│   ├── openssf-badge-silver.md
│   └── openssf-badge-gold.md
├── scripts/              # Automation scripts
│   ├── check-*.sh        # Validation scripts
│   └── setup-*.sh        # Configuration scripts
└── assets/               # Templates and configs
    └── templates/        # CI/CD, SBOM, policy templates

Contributing

Contributions welcome! Please submit PRs for:

Additional platform support (GitLab, Bitbucket)
New language-specific checks
Script improvements
Documentation updates

License

This project uses split licensing:

Code (scripts, workflows, configs): MIT
Content (skill definitions, documentation, references): CC-BY-SA-4.0

See the individual license files for full terms.

Credits

Developed and maintained by Netresearch DTT GmbH.

Made with ❤️ for Open Source by Netresearch

netresearch / agent-enterprise-readiness

Maintainers

Package info

Statistics

Security