From enterprise-readiness
Use when evaluating projects for production or enterprise readiness, implementing supply chain security (SLSA, cosign, SBOMs, pnpm), hardening CI/CD pipelines, establishing quality gates (TYPO3: CI matrix PHP 8.2-8.5 x TYPO3 12.4/13.4/14.3 LTS), pursuing OpenSSF Best Practices Badge (Passing/Silver/Gold) or OSPS Baseline levels, reviewing code quality, writing ADRs, or configuring Git hooks and CI pipelines.
npx claudepluginhub netresearch/claude-code-marketplace --plugin enterprise-readiness
How this skill is triggered — by the user, by Claude, or both
Slash command
/enterprise-readiness:enterprise-readiness
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
- Production/enterprise readiness evaluations
- checkpoints.yaml
- evals/evals.json
- references/2fa-enforcement.md
- references/badge-display.md
- references/badge-submission-api.md
- references/badges-and-workflows.md
- references/branch-coverage.md
- references/ci-docker-worktree.md
- references/ci-patterns.md
- references/code-review.md
- references/cve-workflow.md
- references/dco-implementation.md
- references/documentation.md
- references/dynamic-analysis.md
- references/general.md
- references/github.md
- references/go.md
- references/harden-runner-guide.md
- references/mandatory-requirements.md
- references/npm-pnpm-supply-chain.md
Coverage required: CI, CodeQL, OpenSSF Scorecard, dependency review, security (composer audit + SBOM). Each may be a dedicated .github/workflows/<name>.yml OR a job that calls the netresearch reusable workflow. Badges: CI, Codecov, Scorecard, Best Practices, Baseline. See references/badges-and-workflows.md.
- permissions: contents: read at workflow-level; grant write only per-job
- # v4.2.0). Org-internal reusable workflows use @main
- step-security/harden-runner as first step in every job; prefer egress-policy: block with allowed-endpoints
- dependabot.yml with all ecosystems (composer, npm, github-actions, docker); set up auto-merge workflow for dependency PRs using pull_request_target
- codecov-action; configure codecov.yml with patch coverage threshold
- push: trigger to branches: [main] when pull_request: is also present
- actions/attest-build-provenance with id-token: write and attestations: write permissions; verify with gh attestation verify
- SECURITY.md with vulnerability disclosure process and response SLA (Critical: 7 days, High: 30 days)
- ${{ github.event.* }} or ${{ inputs.* }} in run: blocks (script injection)
- https:// URLs in badge justifications

| Reference | Use |
|---|---|
| references/general.md | Always |
| references/scorecard-playbook.md | Scorecard optimization |
| references/badges-and-workflows.md | Badge URLs, workflows |
| references/mandatory-requirements.md | Checklist |
| references/ci-patterns.md | CI/CD, hooks |
| references/code-review.md | PR quality |
| references/documentation.md | ADRs, changelogs |
| references/slsa-provenance.md | SLSA Level 3 |
| references/signed-releases.md | Cosign/GPG |
| references/openssf-badge-silver.md | Silver |
| references/openssf-badge-gold.md | Gold |
| references/openssf-badge-baseline.md | OSPS Baseline |
| references/harden-runner-guide.md | Harden-Runner |
| references/solo-maintainer-guide.md | N/A criteria |
| references/npm-pnpm-supply-chain.md | pnpm |
Related skills: go-development, github-project, security-audit, git-workflow.
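
A review-time check for the checklist item on ${{ github.event.* }} and ${{ inputs.* }} in run: blocks, added here as an example; it is not part of the skill or its reference files. It scans workflow text line by line (no YAML parser), and the function name and the sample workflow are constructed for illustration.

```python
import re

# ${{ ... }} expressions that read github.event.* or inputs.* (attacker-influenced values).
UNTRUSTED = re.compile(r"\$\{\{[^}]*?(?<![\w.])((?:github\.event|inputs)\.[\w.\-]+)[^}]*\}\}")
# A run: key, optionally the first key of a "- " list item; group 1 width = key column.
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def find_run_injections(workflow_text):
    """Return [(line_number, expression)] for untrusted expressions inside run: scripts."""
    findings = []
    key_col = None  # column of the run: key while inside its block scalar
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        if key_col is not None:
            indent = len(line) - len(line.lstrip())
            if not line.strip() or indent > key_col:
                findings += [(number, m.group(1)) for m in UNTRUSTED.finditer(line)]
                continue
            key_col = None  # dedent: the block scalar has ended
        match = RUN_KEY.match(line)
        if not match:
            continue
        rest = match.group(2)
        if rest[:1] in ("|", ">"):
            key_col = len(match.group(1))  # script body follows on indented lines
        else:
            findings += [(number, m.group(1)) for m in UNTRUSTED.finditer(rest)]
    return findings

# Constructed sample workflow: two unsafe steps and one safe step that uses env:.
SAMPLE = """\
name: constructed-example
on: [pull_request, workflow_dispatch]
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - name: unsafe, title is pasted into the shell script
        run: |
          echo "PR: ${{ github.event.pull_request.title }}"
      - name: safe, value reaches the script through env
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "$TITLE"
      - run: ./deploy.sh ${{ inputs.target }}
"""

if __name__ == "__main__":
    for number, expr in find_run_injections(SAMPLE):
        print(f"line {number}: {expr} is expanded inside a run: script")
```

The same expression under env: is not flagged, because the value then reaches the script as an environment variable instead of being substituted into the script text before the shell parses it.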