Can it be integrated into a CI/CD pipeline?

Yes, the skill provides templates for GitHub Actions and pre-commit hooks that can trigger scans and automatically flag issues before they are merged into the main branch.

How does this skill handle different security severity levels?

The skill includes a priority mapping system that translates security severities (Critical, High, Medium, Low) into specific backlog priorities and remediation windows, such as 'Critical' requiring a fix within 24 hours.

Can I use this with my existing security scanning tools?

Yes, it is designed to ingest findings from various sources. It includes examples for parsing JSON results from security tools and converting them into backlog tasks via CLI commands.

Does this skill help with compliance and auditing?

Absolutely. By standardizing the format of security tasks and including vulnerability IDs (CWE/CVE), it creates a clear audit trail from discovery to remediation within your project documentation.

Security Workflow Integration

Name: Security Workflow Integration
Author: jpoley

byjpoley

•

Seguridad y Pruebas

Transforms security scan findings into actionable, prioritized backlog tasks with automated acceptance criteria.

Acerca de

The security-workflow skill bridges the gap between security audits and development execution by automating the creation of structured remediation tasks. It allows developers to ingest findings from SAST, SCA, and manual audits, mapping technical vulnerabilities like SQL injection or outdated dependencies to specific backlog items. The skill automatically assigns priorities based on CVSS scores, generates verifiable acceptance criteria, and can even integrate dedicated security review states into your existing development workflow, ensuring that security is never an afterthought.

Características Principales

Workflow integration for dedicated security review states
Pre-configured templates for CWE, OWASP, and CVSS metadata
Automated conversion of security findings into structured Markdown tasks
5 GitHub stars
Intelligent mapping of vulnerability severity to backlog priorities
CI/CD and pre-commit hook scripts for automated security scanning

Casos de Uso

Automating remediation tracking for high-volume dependency alerts
Converting a JSON security report into prioritized development tasks
Implementing a 'Security Review' gate in a custom development workflow

Acerca de

Características Principales

Workflow integration for dedicated security review states
Pre-configured templates for CWE, OWASP, and CVSS metadata
Automated conversion of security findings into structured Markdown tasks
5 GitHub stars
Intelligent mapping of vulnerability severity to backlog priorities
CI/CD and pre-commit hook scripts for automated security scanning

Casos de Uso

Automating remediation tracking for high-volume dependency alerts
Converting a JSON security report into prioritized development tasks
Implementing a 'Security Review' gate in a custom development workflow