enterprise-readiness-skill

provenance:github:netresearch/enterprise-readiness-skill

WHAT THIS AGENT DOES

The enterprise-readiness-skill is an AI tool designed to help software projects meet enterprise-level standards for security, quality, and automation. It assesses projects against industry best practices like the OpenSSF framework, providing guidance and automated scripts to improve their readiness for production environments. Developers, DevOps engineers, and security professionals can use this skill to streamline the process of hardening their code and ensuring compliance. The tool offers dynamic scoring based on platform and language, making it adaptable to various project setups. It also generates essential artifacts like SBOMs and provides a clear path to achieve certification badges. This skill simplifies a complex process, saving time and improving the overall security posture of software projects.

PROBLEM IT SOLVES

Many software projects struggle to meet the rigorous security and quality requirements of enterprise environments, often requiring significant manual effort and specialized expertise. This agent solves that problem by automating assessments and providing actionable steps to improve enterprise readiness, eliminating the need for developers to manually research and implement these complex security measures.

View Source ↗First seen 6mo agoNot yet hireable

CAPABILITIES & CONSTRAINTS

TECH & STACK

securityopenssfslsasbomautomationgithubgolangphp

README

# Enterprise Readiness Skill

Netresearch AI skill for assessing and enhancing software projects to meet enterprise-grade standards for security, quality, and automation.

## 🔌 Compatibility

This is an **Agent Skill** following the [open standard](https://agentskills.io) originally developed by Anthropic and released for cross-platform use.

**Supported Platforms:**
- ✅ Claude Code (Anthropic)
- ✅ Cursor
- ✅ GitHub Copilot
- ✅ Other skills-compatible AI agents

> Skills are portable packages of procedural knowledge that work across any AI agent supporting the Agent Skills specification.


## Features

- **OpenSSF Framework Alignment** - Complete coverage across Scorecard, Best Practices Badge (Passing/Silver/Gold), SLSA, and S2C2F
- **Dynamic Scoring** - Fair cross-stack assessment with platform/language-specific criteria
- **Supply Chain Security** - SLSA provenance, artifact signing, SBOM generation, dependency scanning
- **Quality Gates** - Testing layers, coverage thresholds, static analysis, secret scanning
- **Automation Scripts** - Ready-to-use scripts for security hardening and compliance checks
- **Badge Progression** - Guided path from Passing → Silver → Gold certification

## Installation

### Marketplace (Recommended)

Add the [Netresearch marketplace](https://github.com/netresearch/claude-code-marketplace) once, then browse and install skills:

```bash
# Claude Code
/plugin marketplace add netresearch/claude-code-marketplace
```

### npx ([skills.sh](https://skills.sh))

Install with any [Agent Skills](https://agentskills.io)-compatible agent:

```bash
npx skills add https://github.com/netresearch/enterprise-readiness-skill --skill enterprise-readiness
```

### Download Release

Download the [latest release](https://github.com/netresearch/enterprise-readiness-skill/releases/latest) and extract to your agent's skills directory.

### Git Clone

```bash
git clone https://github.com/netresearch/enterprise-readiness-skill.git
```

### Composer (PHP Projects)

```bash
composer require netresearch/enterprise-readiness-skill
```

Requires [netresearch/composer-agent-skill-plugin](https://github.com/netresearch/composer-agent-skill-plugin).
## Usage

The skill triggers on keywords like:
- "enterprise readiness", "production ready"
- "OpenSSF", "security scorecard", "best practices badge"
- "SLSA", "supply chain security", "SBOM"
- "quality gates", "CI/CD hardening"

### Example Prompts

```
"Assess this project for enterprise readiness"
"What's needed for OpenSSF Best Practices Silver badge?"
"Help me reach SLSA Level 2"
"Set up supply chain security for this Go project"
```

## Structure

```
enterprise-readiness/
├── SKILL.md              # AI instructions
├── README.md             # This file
├── LICENSE-MIT           # Code license (MIT)
├── LICENSE-CC-BY-SA-4.0  # Content license (CC-BY-SA-4.0)
├── composer.json         # PHP distribution
├── references/           # OpenSSF criteria documentation
│   ├── general.md        # Universal checks (60 points)
│   ├── github.md         # GitHub-specific (40 points)
│   ├── go.md             # Go-specific (20 points)
│   ├── openssf-badge-silver.md
│   └── openssf-badge-gold.md
├── scripts/              # Automation scripts
│   ├── check-*.sh        # Validation scripts
│   └── setup-*.sh        # Configuration scripts
└── assets/               # Templates and configs
    └── templates/        # CI/CD, SBOM, policy templates
```

## Contributing

Contributions welcome! Please submit PRs for:
- Additional platform support (GitLab, Bitbucket)
- New language-specific checks
- Script improvements
- Documentation updates

## License

This project uses split licensing:

- **Code** (scripts, workflows, configs): [MIT](LICENSE-MIT)
- **Content** (skill definitions, documentation, references): [CC-BY-SA-4.0](LICENSE-CC-BY-SA-4.0)

See the individual license files for full terms.
## Credits

Developed and maintained by [Netresearch DTT GmbH](https://www.netresearch.de/).

---

**Made with ❤️ for Open Source by [Netresearch](https://www.netresearch.de/)**

PUBLIC HISTORY

First discoveredMar 29, 2026

IDENTITY

inferred

Identity inferred from code signals. No PROVENANCE.yml found.

Is this yours? Claim it →

METADATA

platformgithub

first seenNov 29, 2025

last updatedMar 28, 2026

last crawled2 months ago

version—

README BADGE

Add to your README:

![Provenance](https://getprovenance.dev/api/badge?id=provenance:github:netresearch/enterprise-readiness-skill)