creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-26 19:54:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
768ca51c8d331ab0bdcea8ffb31c9b99bb2c1839
Anthropic-Cybersecurity-Skills/skills/generating-and-analyzing-sboms/references/api-reference.md
T
mukul975 8cae0648ec Add 55 new skills across 3 new domains + 6 undercovered areas (762 -> 817) 
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):

- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
  prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
  invocation, guardrails, model/data poisoning, system-prompt leakage,
  embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
  malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
  Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
  shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
  Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration

Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
2026-06-22 19:08:16 +02:00

69 lines
2.3 KiB
Markdown
Raw Blame History

# SBOM Toolchain Command Reference
## Syft (SBOM generation)
Source prefixes: `<image>` (default = container image), `dir:<path>`, `file:<path>`,
`registry:<image>`, `docker:<image>`, `oci-archive:<path>`.
| Flag / form | Purpose |
|-------------|---------|
| `-o <format>[=<file>]` | Output format and optional file |
| `--scope <squashed\|all-layers>` | Layer scope for images |
| `--exclude <glob>` | Exclude paths |
| `syft <src> -o table` | Human-readable summary |
Common `-o` formats: `cyclonedx-json`, `cyclonedx-xml`, `spdx-json`, `spdx` (tag-value), `syft-json`, `table`.
```bash
syft alpine:latest -o cyclonedx-json=alpine.cdx.json
syft dir:. -o spdx-json=app.spdx.json
syft myorg/app:1.4.2 -o cyclonedx-json=app.cdx.json -o spdx-json=app.spdx.json -o table
```
## Grype (vulnerability scanning)
Source prefixes: `sbom:<file>`, `<image>`, `dir:<path>`, `registry:<image>`.
| Flag | Purpose |
|------|---------|
| `-o <format>` | `table`, `json`, `cyclonedx`, `sarif` |
| `--fail-on <severity>` | Exit non-zero at/above severity (`low\|medium\|high\|critical`) |
| `--only-fixed` | Report only vulns with a fix available |
| `--add-cpes-if-none` | Improve matching for SBOMs lacking CPEs |
| `db update` | Update the vulnerability database |
```bash
grype sbom:app.cdx.json -o table
grype sbom:app.cdx.json -o json > app.vulns.json
grype sbom:app.cdx.json --only-fixed --fail-on critical
grype myorg/app:1.4.2 -o table
grype db update
```
## Cosign (signing / attestation)
| Command | Purpose |
|---------|---------|
| `cosign attest --key <key> --predicate <sbom> --type <type> <image>` | Attach signed SBOM attestation |
| `cosign verify-attestation --key <pub> --type <type> <image>` | Verify attestation |
| `cosign download attestation <image>` | Retrieve attached attestation |
| `cosign generate-key-pair` | Create signing keys |
`--type` values: `spdxjson`, `cyclonedx`, `slsaprovenance`, or a custom URI.
Keyless mode: set `COSIGN_EXPERIMENTAL=1` and omit `--key` (uses Fulcio/Rekor).
```bash
cosign attest --key cosign.key --predicate app.spdx.json --type spdxjson myorg/app:1.4.2
cosign verify-attestation --key cosign.pub --type spdxjson myorg/app:1.4.2
cosign download attestation myorg/app:1.4.2
```
## Policy file (`.grype.yaml`)
```yaml
only-fixed: true
fail-on-severity: high
ignore:
- vulnerability: CVE-2024-0000 # documented, risk-accepted
```
Reference in New Issue View Git Blame Copy Permalink