Does this skill run security scans like CodeQL or Semgrep?

No, it focuses on processing the output files generated by those tools rather than executing the scans themselves.

Can I use this skill to deduplicate findings from different tools?

Yes, it provides strategies for using fingerprints to identify and merge duplicate alerts across different analysis runs.

Is it compatible with standard CI/CD pipelines?

Absolutely, it includes patterns for extracting actionable data and converting SARIF to formats like CSV or HTML for pipeline reporting.

How does it handle large SARIF files?

The skill includes guidance on using streaming libraries like ijson to process large datasets without exhausting system memory.

What is the primary purpose of the SARIF Parsing skill?

It is designed to help you read, filter, and process standardized static analysis results, making it easier to manage security data from multiple sources.

SARIF Parsing & Analysis

Name: SARIF Parsing & Analysis
Author: fjor1025

byfjor1025

0•

Seguridad y Pruebas

Parses and processes Static Analysis Results Interchange Format (SARIF) files to aggregate findings, deduplicate alerts, and integrate security data into development workflows.

The SARIF Parsing skill enables developers and security engineers to effectively manage static analysis output by providing expert guidance on reading, filtering, and transforming SARIF 2.1.0 data. It facilitates complex tasks such as deduplicating findings across multiple security tools, generating summary reports for CI/CD pipelines, and extracting actionable vulnerability data using tools like jq, pysarif, and sarif-tools. Whether you are normalizing paths across different environments or building custom security dashboards, this skill ensures your analysis results are consistent, stable, and ready for remediation.

Características Principales

010 GitHub stars

02High-performance streaming for large (100MB+) SARIF files

03Automated path normalization and artifact URI resolution

04Advanced result deduplication using stable fingerprinting

05Multi-tool aggregation for unified security reporting

06Standardized SARIF 2.1.0 parsing and schema validation

Casos de Uso

01Comparing scan results between branches to detect security regressions

02Aggregating security findings from various SAST tools into a single report

03Filtering and prioritizing high-severity vulnerabilities for CI/CD gates

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fjor1025/infosec-framework sarif-parsing

For use in Claude.ai and ChatGPT

Download Skill