Use when evaluating projects for production or enterprise readiness, implementing supply chain security (SLSA provenance, cosign signing, SBOMs), hardening CI/CD pipelines, establishing quality gates, pursuing OpenSSF Best Practices Badge (Passing/Silver/Gold) or OSPS Baseline levels, reviewing code quality, writing ADRs, or configuring Git hooks and CI pipelines.
From enterprise-readiness

npx claudepluginhub netresearch/claude-code-marketplace --plugin enterprise-readiness

This skill is limited to using the following tools:
checkpoints.yaml, evals/evals.json, references/2fa-enforcement.md, references/badge-display.md, references/badge-submission-api.md, references/badges-and-workflows.md, references/branch-coverage.md, references/ci-docker-worktree.md, references/ci-patterns.md, references/code-review.md, references/cve-workflow.md, references/dco-implementation.md, references/documentation.md, references/dynamic-analysis.md, references/general.md, references/github.md, references/go.md, references/harden-runner-guide.md, references/mandatory-requirements.md, references/openssf-badge-baseline.md
Workflows: ci.yml, codeql.yml, scorecard.yml, dependency-review.yml.
Badges: CI Status, Codecov (codecov.io), OpenSSF Scorecard, Best Practices, Baseline.
See references/badges-and-workflows.md for URL patterns.
- permissions: contents: read at workflow-level; grant write only per-job
- # v4.2.0). Org-internal reusable workflows use @main
- step-security/harden-runner as first step in every job; prefer egress-policy: block with allowed-endpoints
- dependabot.yml with all ecosystems (composer, npm, github-actions, docker); set up auto-merge workflow for dependency PRs using pull_request_target
- codecov-action; configure codecov.yml with patch coverage threshold
- push: trigger to branches: [main] when pull_request: is also present
- actions/attest-build-provenance with id-token: write and attestations: write permissions; verify with gh attestation verify
- SECURITY.md with vulnerability disclosure process and response SLA (Critical: 7 days, High: 30 days)
- ${{ github.event.* }} or ${{ inputs.* }} in run: blocks (script injection)
- https:// URLs in badge justifications

| Reference | Use |
|---|---|
| references/general.md | Always |
| references/scorecard-playbook.md | Scorecard optimization |
| references/badges-and-workflows.md | Badge URLs, workflows |
| references/mandatory-requirements.md | Checklist |
| references/ci-patterns.md | CI/CD, hooks |
| references/code-review.md | PR quality |
| references/documentation.md | ADRs, changelogs |
| references/slsa-provenance.md | SLSA Level 3 |
| references/signed-releases.md | Cosign/GPG |
| references/openssf-badge-silver.md | Silver |
| references/openssf-badge-gold.md | Gold |
| references/openssf-badge-baseline.md | OSPS Baseline |
| references/harden-runner-guide.md | Harden-Runner |
| references/solo-maintainer-guide.md | N/A criteria |
Related skills: go-development, github-project, security-audit, git-workflow.
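
An added example, not part of the skill's own files: a line-based Python check for two of the checklist items above, workflow-level `permissions: contents: read` and `${{ github.event.* }}` / `${{ inputs.* }}` expressions inside `run:` blocks. The sample workflow and the names `audit` and `block` are constructed for illustration.

```python
import re
# Constructed sample workflow (not taken from the skill's files).
SAMPLE = """\
on: pull_request
permissions:
  contents: write
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - run: echo "${{ github.event.pull_request.title }}"
      - env:
          TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "$TITLE"
          echo "ref=${{ inputs.ref }}"
"""

EXPR = re.compile(r"\$\{\{\s*(?:github\.event\.|inputs\.)[^}]*\}\}")
RUN = re.compile(r"^\s*(?:-\s+)?run:\s*(.*)$")

def block(lines, start, base):
    """(line_no, text) pairs after index `start` indented deeper than column `base`."""
    out = []
    for n, t in enumerate(lines[start + 1:], start + 2):
        if t.strip() and len(t) - len(t.lstrip(" ")) <= base:
            break
        out.append((n, t))
    return out

def audit(text):
    """Line-based sketch (no YAML parser; flow-style mappings are not handled)."""
    findings, lines = [], text.splitlines()
    perm = next((n for n, l in enumerate(lines) if l.startswith("permissions:")), None)
    if perm is None:
        findings.append((0, "no workflow-level permissions block"))
    else:
        inline = lines[perm].split(":", 1)[1].strip()
        body = [l.strip() for _, l in block(lines, perm, 0) if l.strip()]
        if ([inline] if inline else body) != ["contents: read"]:
            findings.append((perm + 1, "workflow-level permissions is not 'contents: read'"))
    for n, line in enumerate(lines):
        m = RUN.match(line)
        if m:
            scalar = m.group(1)[:1] in ("|", ">")  # block scalar: scan indented body
            scan = block(lines, n, line.index("run:")) if scalar else [(n + 1, m.group(1))]
            for no, l in scan:
                findings += [(no, "expression in run: " + e.group(0)) for e in EXPR.finditer(l)]
    return findings
```

The `env:` mapping on the second step is not flagged: passing the value through an environment variable and referencing `$TITLE` in the script keeps the expression out of the shell text.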