Stats
Actions
Tags
From enterprise-readiness
Use when evaluating projects for production or enterprise readiness, implementing supply chain security (SLSA, cosign, SBOMs, pnpm), hardening CI/CD pipelines, establishing quality gates (TYPO3: CI matrix PHP 8.2-8.5 x TYPO3 12.4/13.4/14.3 LTS), pursuing OpenSSF Best Practices Badge (Passing/Silver/Gold) or OSPS Baseline levels, reviewing code quality, writing ADRs, or configuring Git hooks and CI pipelines.
How this skill is triggered — by the user, by Claude, or both
Slash command
/enterprise-readiness:enterprise-readinessThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
> Production/enterprise tier only — see `references/tier-framing.md`.
checkpoints.yamlevals/evals.jsonreferences/2fa-enforcement.mdreferences/badge-display.mdreferences/badge-submission-api.mdreferences/badges-and-workflows.mdreferences/branch-coverage.mdreferences/ci-docker-worktree.mdreferences/ci-patterns.mdreferences/code-review.mdreferences/cve-workflow.mdreferences/dco-implementation.mdreferences/documentation.mdreferences/dynamic-analysis.mdreferences/general.mdreferences/github.mdreferences/go.mdreferences/harden-runner-guide.mdreferences/mandatory-requirements.mdreferences/npm-pnpm-supply-chain.mdProduction/enterprise tier only — see
references/tier-framing.md.
Required coverage: CI, CodeQL, Scorecard, dependency review, composer audit, SBOM — as dedicated workflows or jobs calling the netresearch reusable. Badges: CI, Codecov, Scorecard, Best Practices, Baseline. See references/badges-and-workflows.md.
permissions: contents: read at workflow-level; grant write only per-job# v4.2.0). Org-internal reusable workflows use @mainstep-security/harden-runner as first step in every job; prefer egress-policy: block with allowed-endpointsdependabot.yml with all ecosystems (composer, npm, github-actions, docker); set up auto-merge workflow for dependency PRs using pull_request_targetcodecov-action; configure codecov.yml with patch coverage thresholdpush: trigger to branches: [main] when pull_request: is also presentactions/attest-build-provenance with id-token: write and attestations: write permissions; verify with gh attestation verifySECURITY.md with vulnerability disclosure process and response SLA (Critical: 7 days, High: 30 days)${{ github.event.* }} or ${{ inputs.* }} in run: blocks (script injection)https:// URLs in badge justifications| Reference | Use |
|---|---|
references/general.md | Always |
references/scorecard-playbook.md | Scorecard optimization |
references/badges-and-workflows.md | Badge URLs, workflows |
references/mandatory-requirements.md | Checklist |
references/ci-patterns.md | CI/CD, hooks |
references/code-review.md | PR quality |
references/documentation.md | ADRs, changelogs |
references/slsa-provenance.md | SLSA Level 3 |
references/signed-releases.md | Cosign/GPG |
references/openssf-badge-silver.md | Silver |
references/openssf-badge-gold.md | Gold |
references/openssf-badge-baseline.md | OSPS Baseline |
references/harden-runner-guide.md | Harden-Runner |
references/solo-maintainer-guide.md | N/A criteria |
references/npm-pnpm-supply-chain.md | pnpm |
Related skills: go-development, github-project, security-audit, git-workflow.
npx claudepluginhub netresearch/claude-code-marketplace --plugin enterprise-readinessGuides creation, editing, and verification of skills for AI coding agents using test-driven development with subagent scenarios. Use when authoring or debugging skills.