Can it handle different severity levels?

Yes, it includes a priority mapping system that translates security severities (Critical, High, Medium, Low) into specific backlog priorities and remediation timelines.

Can I use it in my CI/CD pipeline?

Absolutely, it provides configurations for GitHub Actions and pre-commit hooks to automate scanning and task creation during the push and pull request phases.

What task formats are supported?

While optimized for the flowspec backlog format, it produces standardized markdown that can be adapted for most project management systems.

How does this skill help with security audits?

It automates the process of turning raw audit reports into actionable development tasks, ensuring findings are tracked and resolved within your standard workflow.

Does it provide remediation advice?

The skill generates specific remediation steps and acceptance criteria based on the vulnerability type, such as CWE or OWASP categories.

Security Workflow Integration

Name: Security Workflow Integration
Author: jpoley

byjpoley

•

Seguridad y Pruebas

Transforms security scan findings into actionable, prioritized backlog tasks with automated acceptance criteria and workflow integration.

This skill bridges the gap between security assessment results and development execution by automating the creation of structured backlog tasks from vulnerability reports. It provides a standardized framework for mapping security severity levels to project priorities, generating technical acceptance criteria for remediation, and applying appropriate metadata for tracking. By integrating security checks directly into development workflow states and pre-commit hooks, it ensures that security findings are triaged, assigned, and resolved within the existing development lifecycle rather than being treated as an external afterthought.

Características Principales

01Dynamic mapping of CVSS severity levels to development priorities

02Integration of dedicated security review states into dev workflows

03Automated conversion of security findings into detailed markdown backlog tasks

048 GitHub stars

05AI-powered generation of verifiable acceptance criteria for security fixes

06Pre-commit hook templates for early vulnerability detection and triage

Casos de Uso

01Adding a mandatory 'Security Review' gate to a CI/CD pipeline before deployment

02Converting a bulk JSON export from a security scanner into prioritized Jira or markdown tickets

03Automating the assignment of vulnerabilities to specific teams based on component labels

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoley/flowspec security-workflow

For use in Claude.ai and ChatGPT

Download Skill