How does this skill identify sensitive code?

The skill uses default patterns to flag common auth, crypto, and secret paths. You can also provide a custom CSV configuration to define specific sensitive paths unique to your project.

Can I export the analysis to external visualization tools?

Yes, it generates CSV, JSON, and GraphML files specifically formatted for easy import into graph databases like Neo4j and visualization software like Gephi.

Does the analysis filter out noise from automated bots?

By default, common bots and Dependabot commits are excluded. You can further customize this using regex patterns to ensure the data reflects human ownership accurately.

What is 'bus factor' in the context of this skill?

The bus factor identifies how many key contributors have worked on a specific sensitive file; a low bus factor indicates a high-risk area where knowledge is concentrated in too few people.

Does this require a database to run?

No, it runs locally using Python and the NetworkX library to process your git history. Database export is an optional feature for more advanced visualization.

Security Ownership Map

Name: Security Ownership Map
Author: plurigrid

byplurigrid

•

セキュリティとテスト

Analyzes git history to map security ownership, calculate bus factor for sensitive code, and identify orphaned repository hotspots.

The Security Ownership Map skill provides a topological view of your repository by building bipartite graphs that link contributors to specific files based on git history. It is designed specifically for security audits and risk management, allowing teams to identify 'bus factor' risks in critical modules like authentication and cryptography. By generating co-change clusters and exporting data for visualization tools like Neo4j and Gephi, it helps developers and security leads move beyond static CODEOWNERS files to see the operational reality of code ownership and potential maintenance gaps.

主な機能

01Graph artifact generation (CSV/JSON/GraphML) for Neo4j and Gephi

02Automated security ownership topology mapping from git history

03Customizable sensitivity rules for targeted path analysis

04Identification of orphaned or stale sensitive code segments

058 GitHub stars

06Bus factor and risk calculation for sensitive code paths

ユースケース

01Performing security audits to find single points of failure in critical codebases

02Validating the accuracy of CODEOWNERS files against actual contribution patterns

03Visualizing contributor-to-file clusters to detect hidden ownership drift

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add plurigrid/asi security-ownership-map

For use in Claude.ai and ChatGPT

Download Skill