Use this prompt when securing the software supply chain after incidents like Log4Shell or SolarWinds have shown the risk.
You are a senior {{role}} brought in to help a developer or tech professional complete a {{use_case}} task.

# Context
- Pack: Developers & Tech Professionals
- Category: Cybersecurity & Privacy
- Use case: Supply Chain Security Framework
- Source task: Design a supply chain security framework for {{describe_the_development_environment_languages_package_managers_}}.
  - Step 1: Dependency risk assessment: how to evaluate and score the risk of third-party dependencies (maintenance status, vulnerability history, licence).
  - Step 2: SBOM (Software Bill of Materials) generation and management.
  - Step 3: Dependency pinning and update strategy.
  - Step 4: CI/CD pipeline security: protecting the build pipeline from compromise.
  - Step 5: SLSA framework implementation plan: how to reach SLSA Level 2.

# Goal
Dependency risk scoring, SBOM generation guide, pinning strategy, CI/CD security controls, and a SLSA Level 2 implementation plan.

# Constraints
- Treat this as a sequential workflow where each step builds on the previous step.
- Keep every step clearly labeled and easy to run separately if needed.
- Avoid generic filler, vague advice, and unsupported claims.
- Make the output specific, practical, and ready to use.

# Output
Dependency risk scoring, SBOM generation guide, pinning strategy, CI/CD security controls, and a SLSA Level 2 implementation plan.
Replace the {{double-curly}} placeholders with your real context.
Transitive dependencies (dependencies of your dependencies) represent 70%+ of your attack surface, so a tool that visualises the full dependency tree is essential.
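The following is an added example, not part of the prompt or of any tool it names. It ties Steps 1 to 3 of the template to the point about transitive dependencies above: it reads a CycloneDX-shaped SBOM, walks the dependency graph from the root component to find every transitive dependency and its depth, flags components listed without a content hash (unpinned), and produces a 0-100 risk score per component from maintenance staleness, known-vulnerability count, maintainer count, licence and pinning. The SBOM, the package names and versions, the registry metadata and the scoring weights are all constructed for illustration; in practice the metadata would come from the package registry, an advisory database and the repository hosting API, and the weights would be tuned to your own risk appetite.

```python
"""Dependency risk triage over a CycloneDX-style SBOM (constructed sample data)."""
from collections import deque
from datetime import date

# Constructed SBOM in CycloneDX 1.4 JSON shape. "app" depends directly on "web" and
# "log-lib"; "web" pulls in "json-parse", which pulls in "tiny-util". All names invented.
SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "metadata": {"component": {"bom-ref": "pkg:generic/app@1.0.0", "name": "app"}},
    "components": [
        {"bom-ref": "pkg:generic/web@4.2.1", "name": "web", "version": "4.2.1",
         "hashes": [{"alg": "SHA-256", "content": "aa" * 32}], "licenses": [{"license": {"id": "MIT"}}]},
        {"bom-ref": "pkg:generic/log-lib@2.14.1", "name": "log-lib", "version": "2.14.1",
         "hashes": [{"alg": "SHA-256", "content": "bb" * 32}], "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"bom-ref": "pkg:generic/json-parse@0.9.0", "name": "json-parse", "version": "0.9.0",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},                      # no hashes: unpinned
        {"bom-ref": "pkg:generic/tiny-util@1.0.3", "name": "tiny-util", "version": "1.0.3",
         "hashes": [{"alg": "SHA-256", "content": "cc" * 32}]},                   # no licence declared
    ],
    "dependencies": [
        {"ref": "pkg:generic/app@1.0.0", "dependsOn": ["pkg:generic/web@4.2.1", "pkg:generic/log-lib@2.14.1"]},
        {"ref": "pkg:generic/web@4.2.1", "dependsOn": ["pkg:generic/json-parse@0.9.0"]},
        {"ref": "pkg:generic/json-parse@0.9.0", "dependsOn": ["pkg:generic/tiny-util@1.0.3"]},
        {"ref": "pkg:generic/log-lib@2.14.1", "dependsOn": []},
        {"ref": "pkg:generic/tiny-util@1.0.3", "dependsOn": []},
    ],
}

# Constructed registry/advisory metadata keyed by bom-ref (in practice fetched, not hard-coded).
METADATA = {
    "pkg:generic/web@4.2.1":        {"last_release": date(2024, 1, 10), "known_vulns": 0, "maintainers": 5},
    "pkg:generic/log-lib@2.14.1":   {"last_release": date(2021, 3, 6),  "known_vulns": 1, "maintainers": 3},
    "pkg:generic/json-parse@0.9.0": {"last_release": date(2019, 7, 1),  "known_vulns": 0, "maintainers": 1},
    "pkg:generic/tiny-util@1.0.3":  {"last_release": date(2023, 11, 2), "known_vulns": 0, "maintainers": 1},
}
TODAY = date(2024, 6, 1)  # fixed so the scores are reproducible
COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}  # grouping is this example's assumption


def dependency_graph(sbom):
    """{bom-ref: [child bom-refs]} from the SBOM's dependencies section."""
    return {d["ref"]: list(d.get("dependsOn", [])) for d in sbom.get("dependencies", [])}


def transitive_depths(sbom):
    """BFS from the root component: {bom-ref: depth}; depth 1 = direct dependency.

    The root is omitted. Real graphs can contain cycles; the depths dict doubles as the seen-set.
    """
    graph = dependency_graph(sbom)
    depths, queue = {}, deque([(sbom["metadata"]["component"]["bom-ref"], 0)])
    while queue:
        ref, depth = queue.popleft()
        for child in graph.get(ref, []):
            if child not in depths:
                depths[child] = depth + 1
                queue.append((child, depth + 1))
    return depths


def unpinned_components(sbom):
    """Names of components listed without any content hash: nothing to verify at install time."""
    return sorted(c["name"] for c in sbom["components"] if not c.get("hashes"))


def declared_licences(component):
    return [lic["license"].get("id", "") for lic in component.get("licenses", []) if "license" in lic]


def risk_score(component, meta, depth):
    """0-100 risk score. The weights are assumptions of this example; tune them to your risk appetite."""
    score = 0
    stale_days = (TODAY - meta["last_release"]).days
    if stale_days > 2 * 365:                      # no release in two years: likely unmaintained
        score += 30
    elif stale_days > 365:
        score += 15
    score += min(meta["known_vulns"], 3) * 15     # each known vulnerability, capped at three
    if meta["maintainers"] <= 1:                  # single maintainer: bus factor and takeover risk
        score += 15
    licences = declared_licences(component)
    if not licences or any(lic in COPYLEFT for lic in licences):  # undeclared or copyleft needs review
        score += 10
    if not component.get("hashes"):               # unpinned: substitution or tampering goes undetected
        score += 10
    if depth > 1:                                 # transitive: nobody on the team chose it deliberately
        score += 5
    return min(score, 100)


def rank_dependencies(sbom=SBOM, metadata=METADATA):
    """[(name, depth, score)] sorted highest risk first, then by name."""
    depths = transitive_depths(sbom)
    rows = [(c["name"], depths.get(c["bom-ref"], 0),
             risk_score(c, metadata[c["bom-ref"]], depths.get(c["bom-ref"], 0))) for c in sbom["components"]]
    return sorted(rows, key=lambda r: (-r[2], r[0]))


if __name__ == "__main__":
    for name, depth, score in rank_dependencies():
        print(f"{name:12} depth={depth} risk={score}")
    print("unpinned:", unpinned_components(SBOM))
```

With the constructed data the ranking puts the depth-2 transitive `json-parse` first (stale, single maintainer, copyleft, unpinned), ahead of the direct dependency with a known vulnerability, which is exactly the kind of finding a flat list of direct dependencies would miss. Feed the output of Step 1 into Step 3 by treating every name returned by `unpinned_components` as a pinning backlog item.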