open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security-copilot/skills/supply-check/SKILL.md
Kjell Tore Guttormsen f418a8fe08 feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI 
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 21:56:10 +02:00

933 B
Raw Blame History

name description
security-supply-check Re-audit installed dependencies — check lockfiles against blocklists, OSV.dev CVEs, and typosquat detection

Supply Chain Check

Re-audit installed dependencies from lockfiles.

Step 1: Run Scanner

node <plugin-root>/scanners/supply-chain-recheck-cli.mjs $ARGUMENTS

Target = $ARGUMENTS or current working directory. Checks: package-lock.json, yarn.lock, requirements.txt, Pipfile.lock against blocklists, OSV.dev batch API, and Levenshtein typosquat detection.

Step 2: Format Results

Parse JSON output. Show:

# Supply Chain Check: [STATUS]

Findings: XC XH XM XL | Lockfiles: N scanned

[If osv_offline: "OSV.dev unreachable — blocklist and typosquat checks ran, CVE checks skipped"]

## Findings

[Table: severity, package, ecosystem, type (blocklist/CVE/typosquat), description]

If zero findings: "All dependencies pass supply chain checks."