SBOM Generation & Analysis
CycloneDX / SPDX SBOM generation, consumption, and exploitability triage aligned with NTIA minimum elements.
What this skill does
SBOM Generation & Analysis is a versioned playbook inside the CISO Security Kit. It runs on the AI CISO agent through the Procux skill runtime, producing structured, auditable output suitable for executive review and regulator submission.
- Kit: CISO Security Kit
- Category: Supply Chain
- Primary agent(s): AI CISO
- Tags: supply-chain, sbom, cyclonedx, spdx
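The two technical pieces the tagline names, NTIA minimum-element coverage and exploitability triage, are easy to check mechanically on a CycloneDX document. The script below is an added illustration and is not Procux or CISO Security Kit code; the SBOM, the package names, the supplier and the CVE-0000-* identifiers in it are constructed placeholders. It flags components missing a supplier name, version, unique identifier (purl/cpe/swid) or dependency entry, then buckets the embedded VEX `analysis` states, treating a missing analysis, or a `not_affected` claim with no justification, as still in triage.

```python
"""Added illustration (not Procux code): check a CycloneDX JSON SBOM against the
NTIA minimum elements and triage its embedded VEX analysis by exploitability.
The SBOM, package names and CVE-0000-* identifiers below are constructed."""
import json

# CycloneDX vulnerability analysis states (the VEX status vocabulary).
VEX_STATES = ("exploitable", "in_triage", "false_positive",
              "not_affected", "resolved", "resolved_with_pedigree")

SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {
        "timestamp": "2024-05-01T12:00:00Z",       # NTIA: timestamp
        "authors": [{"name": "AppSec Team"}],      # NTIA: author of SBOM data
        "component": {"type": "application", "name": "billing-api",
                      "version": "2.3.0", "bom-ref": "app"},
    },
    "components": [
        {"type": "library", "name": "example-http", "version": "1.2.3",
         "bom-ref": "pkg:pypi/example-http@1.2.3",
         "purl": "pkg:pypi/example-http@1.2.3",
         "supplier": {"name": "Example Maintainers"}},
        # Second component omits supplier and purl on purpose.
        {"type": "library", "name": "example-util", "version": "1.0.0",
         "bom-ref": "example-util-1.0.0"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:pypi/example-http@1.2.3",
                                     "example-util-1.0.0"]},
        {"ref": "pkg:pypi/example-http@1.2.3", "dependsOn": []},
        # example-util has no entry of its own: its dependencies are unknown.
    ],
    "vulnerabilities": [   # placeholder IDs, not real CVEs
        {"id": "CVE-0000-0001", "affects": [{"ref": "pkg:pypi/example-http@1.2.3"}],
         "analysis": {"state": "not_affected", "justification": "code_not_reachable"}},
        {"id": "CVE-0000-0002", "affects": [{"ref": "example-util-1.0.0"}],
         "analysis": {"state": "exploitable"}},
        {"id": "CVE-0000-0003", "affects": [{"ref": "example-util-1.0.0"}]},
        {"id": "CVE-0000-0004", "affects": [{"ref": "example-util-1.0.0"}],
         "analysis": {"state": "not_affected"}},  # claim without justification
    ],
})


def load_bom(text):
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return bom


def check_ntia_minimum(bom):
    """Return missing NTIA minimum elements: a document-level list plus a
    {bom-ref: [missing, ...]} map for components."""
    findings = {"document": [], "components": {}}
    meta = bom.get("metadata", {})
    if not meta.get("timestamp"):
        findings["document"].append("timestamp")
    if not (meta.get("authors") or meta.get("tools")):
        findings["document"].append("author of SBOM data")
    # CycloneDX semantics: a component with no dependencies entry has unknown
    # dependencies; an entry with an empty dependsOn means "none known".
    declared = {d.get("ref") for d in bom.get("dependencies", [])}
    for comp in bom.get("components", []):
        ref = comp.get("bom-ref") or comp.get("name")
        missing = []
        if not (comp.get("supplier") or {}).get("name"):
            missing.append("supplier name")
        if not comp.get("name"):
            missing.append("component name")
        if not comp.get("version"):
            missing.append("version")
        if not (comp.get("purl") or comp.get("cpe") or comp.get("swid")):
            missing.append("unique identifier")
        if ref not in declared:
            missing.append("dependency relationship")
        if missing:
            findings["components"][ref] = missing
    return findings


def triage_vulnerabilities(bom):
    """Bucket vulnerabilities by VEX state. No analysis means in_triage, and a
    not_affected claim with no justification goes back to in_triage, since
    CISA's minimum VEX requirements demand a justification for not_affected."""
    buckets = {state: [] for state in VEX_STATES}
    for vuln in bom.get("vulnerabilities", []):
        analysis = vuln.get("analysis") or {}
        state = analysis.get("state", "in_triage")
        if state not in buckets:
            raise ValueError(f"unknown VEX state {state!r} on {vuln.get('id')}")
        if state == "not_affected" and not analysis.get("justification"):
            state = "in_triage"
        refs = [a.get("ref") for a in vuln.get("affects", [])]
        buckets[state].append((vuln.get("id"), refs))
    return buckets


def actionable(bom):
    """IDs that still need engineering work: exploitable or not yet triaged."""
    buckets = triage_vulnerabilities(bom)
    return sorted(v for v, _ in buckets["exploitable"] + buckets["in_triage"])


if __name__ == "__main__":
    bom = load_bom(SAMPLE_BOM)
    print(json.dumps(check_ntia_minimum(bom), indent=2))
    print("actionable:", actionable(bom))
```

On the sample document, the only NTIA gaps are on `example-util` (no supplier, no identifier, no dependency entry), and three of the four findings remain actionable: the one marked `exploitable`, the one with no analysis at all, and the `not_affected` claim that carries no justification. The dependency check is deliberately strict: an empty `dependsOn` is a positive statement, while a missing entry is an unknown, and only the former satisfies the "dependency relationship" element.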
How to use it
- Sign in to your Procux workspace and open the platform dashboard.
- Pick the AI CISO agent, then pick SBOM Generation & Analysis from the CISO Security Kit catalog.
- Provide the required inputs (repo, document, endpoint, jurisdiction) — the agent runs the playbook and returns a structured report.
- Review, iterate, or export (PDF / JSON / Markdown) as part of your internal review cycle.
Related skills
- CI/CD Pipeline Hardening: harden CI/CD with OIDC federation, pinned action SHAs, least-privilege runners, and SBOM + signing on release.
- Container Image Scanning: Trivy / Grype / Snyk scanning and base-image hygiene; CVE triage workflow gated at build and admission.
- Secrets Scanning in Git History: TruffleHog / Gitleaks / detect-secrets pipeline across branches and history, with a revocation and rotation playbook.