Retour aux compétences

SARIF Parsing Expert

de prodsec-skills41

Analyzes, filters, and aggregates SARIF files from static analysis tools like CodeQL and Semgrep.

déclencheurs:parse sarifread scan resultsaggregate findingsdeduplicate alertsprocess sarif output

GitHub SKILL.md

What it does

This skill transforms raw SARIF (Static Analysis Results Interchange Format) data into actionable security insights. It handles the complexity of parsing JSON-based scan results, managing fingerprints for tracking issues across runs, and converting data for CI/CD reporting.

When to use it

Use this skill when you need to interpret security scan results, deduplicate alerts from multiple tools, or automate the failure of a pipeline based on the severity of SARIF findings.

What's included

Instructions: Comprehensive strategies for using jq, pysarif, and sarif-tools for data extraction.
Procedural Knowledge: Expert guidance on path normalization, stable fingerprinting algorithms, and schema validation.
Reference: An extensive jq query cookbook for rapid SARIF exploration.

Compatible agents

Compatible with any agent capable of executing shell commands and Python scripts, including Claude Code, Cursor, and Codex.

Étiquettes

#sarif #static-analysis #security #codeql #semgrep #vuln-management #devsecops

Pas encore audité

Cette compétence n'a pas encore été examinée par notre pipeline d'audit automatisé.

Informations

Dépôt: prodsec-skills
Étoiles: 41

Compétences similaires

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Code Spec Backfill

Identify missing function-level contracts and backfill docstrings and type annotations; report ambiguous gaps with misuse scenarios. Incremental, state-driven w

Azure External Attack Surface Management

Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform

Node.js Best Practices

Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.

radar — Smart Contract AST & Security Analysis

Multi-framework AST generator and static analysis tool for smart contracts (Rust/Anchor/Stylus and Solidity/Foundry) with a template DSL for writing detection r

Bash Pro

Defensive, production-grade Bash scripting patterns and CI/CD best practices: strict mode, safe argument parsing, testing with Bats, and tooling (ShellCheck/shf

MCP App Store