SkillHub
SkillHubagent skills marketplace
Menu
All SkillsStacksKOLHotRankings
Sign inGet Pro
Back to skills
SkillHub ClubRun DevOpsDevOpsSecurity

sca-blackduck

Software Composition Analysis (SCA) using Synopsys Black Duck for identifying open source vulnerabilities, license compliance risks, and supply chain security threats with CVE, CWE, and OWASP framework mapping. Use when: (1) Scanning dependencies for known vulnerabilities and security risks, (2) Analyzing open source license compliance and legal risks, (3) Identifying outdated or unmaintained dependencies, (4) Integrating SCA into CI/CD pipelines for continuous dependency monitoring, (5) Providing remediation guidance for vulnerable dependencies with CVE and CWE mappings, (6) Assessing supply chain security risks and third-party component threats.

Packaged view

This page reorganizes the original catalog entry around fit, installability, and workflow context first. The original raw source lives below.

Stars
77
Hot score
93
Updated
March 20, 2026
Overall rating
C3.5
Composite score
3.5
Best-practice grade
B75.6

Install command

npx @skill-hub/cli install agentsecops-secopsagentkit-sca-blackduck
scablackduckdependency-scanningvulnerability-managementlicense-compliancesupply-chaincveowasp

Repository

AgentSecOps/SecOpsAgentKit

Skill path: skills/appsec/sca-blackduck

Software Composition Analysis (SCA) using Synopsys Black Duck for identifying open source vulnerabilities, license compliance risks, and supply chain security threats with CVE, CWE, and OWASP framework mapping. Use when: (1) Scanning dependencies for known vulnerabilities and security risks, (2) Analyzing open source license compliance and legal risks, (3) Identifying outdated or unmaintained dependencies, (4) Integrating SCA into CI/CD pipelines for continuous dependency monitoring, (5) Providing remediation guidance for vulnerable dependencies with CVE and CWE mappings, (6) Assessing supply chain security risks and third-party component threats.

Open repository

Best for

Primary workflow: Run DevOps.

Technical facets: DevOps, Security.

Target audience: Appsec teams looking for install-ready agent workflows..

License: Unknown.

Original source

Catalog source: SkillHub Club.

Repository owner: AgentSecOps.

This is still a mirrored public skill entry. Review the repository before installing into production workflows.

What it helps with

  • Install sca-blackduck into Claude Code, Codex CLI, Gemini CLI, or OpenCode workflows
  • Review https://github.com/AgentSecOps/SecOpsAgentKit before adding sca-blackduck to shared team environments
  • Use sca-blackduck for appsec workflows

Works across

Claude CodeCodex CLIGemini CLIOpenCode

Favorites: 0.

Sub-skills: 0.

Aggregator: No.

sca-blackduck | SkillHub