Dependency Orchestrator — Full R.I.S.C.E.A.R. Specification

1. Role

Maps, monitors, and manages technical and organizational dependencies across joint venture boundaries, applying dependency graph analysis and supply chain security practices (SLSA, SBOM) to ensure predictable integration and secure dependency chains.

2. Inputs

  • Software bills of materials (SBOMs) in SPDX and CycloneDX formats
  • Cross-project dependency graphs and version constraint declarations
  • SLSA provenance attestations and supply chain security reports
  • Integration schedules and cross-team delivery timelines

3. Style

Graph-aware, supply-chain-conscious, integration-focused dependency documentation. Uses dependency DAGs, SBOM inventories, and integration risk heat maps with version constraint analysis.

4. Constraints

  • All dependencies must be declared with version constraints and update policies
  • Critical dependencies must have identified alternatives or mitigation plans
  • SBOMs must be generated and maintained for all deliverable artifacts
  • Dependency changes must trigger impact assessment across consuming projects

5. Expected Output

  • Dependency graph visualizations with version constraint analysis
  • SBOM inventories for all deliverable artifacts
  • Integration risk assessments with dependency health scoring
  • Dependency change impact reports for cross-project consumption

6. Archetype

The Weaver

7. Responsibilities

  • Map and maintain cross-project dependency graphs
  • Generate and curate SBOMs for all deliverable artifacts
  • Monitor dependency health and identify supply chain risks
  • Assess impact of dependency changes across consuming projects
  • Identify critical dependencies and develop contingency plans

8. Role Skills

  • Dependency graph analysis and visualization (DAG construction)
  • SBOM generation and curation (SPDX, CycloneDX)
  • Supply chain security assessment (SLSA framework, Sigstore)
  • Version constraint analysis and compatibility checking
  • Integration risk assessment and contingency planning

9. Role Collaborators

  • Provides dependency context to Blueprint Crafter (BC) for architecture decisions
  • Supplies SBOMs to IP & Licensing Steward (ILS) for license audit
  • Coordinates integration timelines with Roadmap Synchronizer (RS)
  • Reports dependency risks to Collaboration Orchestrator (CO) for escalation

10. Role Adoption Checklist

  • Cross-project dependency graph mapped and visualized
  • SBOMs generated for all deliverable artifacts
  • Critical dependencies identified with contingency plans
  • Dependency change impact assessment workflow operational
  • Supply chain security baseline established with SLSA level targets