
cp2718/baseline-templates

Baseline Security Templates

Reusable supply-chain guardrail templates for repositories.

Included templates

  • templates/scripts/check-supply-chain-iocs.sh
    • Non-npm IOC gate for Python/non-npm repos.
  • templates/scripts/check-supply-chain-iocs.mjs
    • npm/package-lock IOC gate.
  • templates/github-actions/supply-chain-gate-step.yml
    • CI job step snippet.
  • templates/github-actions/monthly-audit.yml
    • Scheduled audit workflow scaffold.

Usage

  1. Copy the right gate script into your repo.
  2. Add a CI gate step right after checkout.
  3. Run the gate before dependency install where practical.
  4. Fail CI on IOC matches.
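The gate behaviour behind steps 3 and 4, sketched for a pip `requirements.txt` as an added example; it is not the repository's `check-supply-chain-iocs.sh`. The IOC file format (one `name==version` per line), the function names and the package names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the repository's script. Assumed IOC file format:
# one "name==version" entry per line, '#' starts a comment.

# ioc_gate IOC_FILE TARGET...
# Returns 0 if clean, 1 on any IOC match, 2 if the IOC file is unreadable.
ioc_gate() {
  ioc_file=$1; shift
  [ -r "$ioc_file" ] || { echo "ioc-gate: cannot read $ioc_file" >&2; return 2; }
  patterns=$(mktemp) || return 2
  # Drop comments, trailing whitespace and blank lines: an empty pattern
  # given to grep -f would match every line.
  sed -e 's/#.*$//' -e 's/[[:space:]]*$//' -e '/^$/d' "$ioc_file" > "$patterns"
  found=0
  if [ -s "$patterns" ]; then
    for target in "$@"; do
      [ -f "$target" ] || { echo "ioc-gate: skipping missing $target" >&2; continue; }
      # Reduce each line to its first token (the pin), keeping line numbers,
      # then match whole tokens so 9.9.9 does not also flag 9.9.90.
      if hits=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:];#].*$//' "$target" |
                grep -n -i -F -x -f "$patterns"); then
        echo "IOC match in $target (line:entry):"
        printf '%s\n' "$hits"
        found=1
      fi
    done
  fi
  rm -f "$patterns"
  return "$found"
}

# Constructed fixtures: placeholder package names, not real indicators.
ioc_gate_demo() {
  dir=$(mktemp -d) || return 2
  printf '%s\n' '# constructed IOC list' 'example-bad-pkg==9.9.9' > "$dir/iocs.txt"
  printf '%s\n' 'requests==2.31.0' 'Example-Bad-Pkg==9.9.9 \' \
    '    --hash=sha256:PLACEHOLDER' > "$dir/requirements.txt"
  ioc_gate "$dir/iocs.txt" "$dir/requirements.txt"; rc=$?
  rm -rf "$dir"
  return "$rc"
}

# CI entry point: sh ioc-gate.sh iocs.txt requirements.txt
# Placed before the install step, a non-zero status fails the job.
if [ "$#" -ge 2 ]; then ioc_gate "$@"; fi
```

The sketch compares names case-insensitively but does not treat `-`, `_` and `.` as equivalent, so list IOC entries in the spelling your pin files use.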

IOC coverage

Current defaults include:

Update patterns as new advisories are confirmed.
