Enterprise Readiness Skill
Netresearch AI skill for assessing and enhancing software projects to meet enterprise-grade standards for security, quality, and automation.
🔌 Compatibility
This is an Agent Skill following the open standard originally developed by Anthropic and released for cross-platform use.
Supported Platforms:
- ✅ Claude Code (Anthropic)
- ✅ Cursor
- ✅ GitHub Copilot
- ✅ Other skills-compatible AI agents
Skills are portable packages of procedural knowledge that work across any AI agent supporting the Agent Skills specification.
Features
- OpenSSF Framework Alignment - Complete coverage across Scorecard, Best Practices Badge (Passing/Silver/Gold), SLSA, and S2C2F
- Dynamic Scoring - Fair cross-stack assessment with platform/language-specific criteria
- Supply Chain Security - SLSA provenance, artifact signing, SBOM generation, dependency scanning
- Quality Gates - Testing layers, coverage thresholds, static analysis, secret scanning
- Automation Scripts - Ready-to-use scripts for security hardening and compliance checks
- Badge Progression - Guided path from Passing → Silver → Gold certification
Installation
Marketplace (Recommended)
Add the Netresearch marketplace once, then browse and install skills:
# Claude Code
/plugin marketplace add netresearch/claude-code-marketplace
Install with any Agent Skills-compatible agent:
npx skills add https://github.com/netresearch/enterprise-readiness-skill --skill enterprise-readiness
Download Release
Download the latest release and extract to your agent's skills directory.
Git Clone
git clone https://github.com/netresearch/enterprise-readiness-skill.git
Composer (PHP Projects)
composer require netresearch/enterprise-readiness-skill
Requires netresearch/composer-agent-skill-plugin.
npm (Node Projects)
npm install --save-dev \
@netresearch/agent-skill-coordinator \
github:netresearch/enterprise-readiness-skill
Requires @netresearch/agent-skill-coordinator, which discovers the skill in node_modules and registers it in AGENTS.md via a postinstall hook. For pnpm, also allowlist the coordinator's postinstall:
{
"pnpm": {
"onlyBuiltDependencies": ["@netresearch/agent-skill-coordinator"]
}
}
Usage
The skill triggers on keywords like:
- "enterprise readiness", "production ready"
- "OpenSSF", "security scorecard", "best practices badge"
- "SLSA", "supply chain security", "SBOM"
- "quality gates", "CI/CD hardening"
Example Prompts
"Assess this project for enterprise readiness"
"What's needed for OpenSSF Best Practices Silver badge?"
"Help me reach SLSA Level 2"
"Set up supply chain security for this Go project"
Structure
enterprise-readiness/
├── SKILL.md # AI instructions
├── README.md # This file
├── LICENSE-MIT # Code license (MIT)
├── LICENSE-CC-BY-SA-4.0 # Content license (CC-BY-SA-4.0)
├── composer.json # PHP distribution
├── references/ # OpenSSF criteria documentation
│ ├── general.md # Universal checks (60 points)
│ ├── github.md # GitHub-specific (40 points)
│ ├── go.md # Go-specific (20 points)
│ ├── openssf-badge-silver.md
│ └── openssf-badge-gold.md
├── scripts/ # Automation scripts
│ ├── check-*.sh # Validation scripts
│ └── setup-*.sh # Configuration scripts
└── assets/ # Templates and configs
└── templates/ # CI/CD, SBOM, policy templates
Contributing
Contributions welcome! Please submit PRs for:
- Additional platform support (GitLab, Bitbucket)
- New language-specific checks
- Script improvements
- Documentation updates
License
This project uses split licensing:
- Code (scripts, workflows, configs): MIT
- Content (skill definitions, documentation, references): CC-BY-SA-4.0
See the individual license files for full terms.
Credits
Developed and maintained by Netresearch DTT GmbH.
Made with ❤️ for Open Source by Netresearch
