What is the 'bus factor' in this context?

The bus factor represents the minimum number of developers who have sufficient knowledge of a code segment; a low factor in sensitive areas like cryptography indicates a high organizational security risk.

How does the skill identify sensitive files?

It uses default sensitivity rules to flag common auth, crypto, and secret paths, but these can be fully customized using a CSV configuration file to match your specific project structure.

What visualization tools are supported?

The skill exports data in formats compatible with Neo4j for graph queries, Gephi for visual layout, and standard JSON/CSV for custom dashboards.

Can I use this for large repositories?

Yes, the skill includes optimization flags like --since and --until to narrow the git log window, as well as excludes for 'glue' files like lockfiles to keep analysis focused on logic.

Security Ownership Map

Name: Security Ownership Map
Author: allenbenj

byallenbenj

0•

セキュリティとテスト

Analyzes git history to map repository ownership, identify security risks, and compute bus factors for sensitive code.

This skill provides a deep analysis of git repositories by building a bipartite graph of contributors and files to visualize security-sensitive areas. It helps teams assess organizational risk by calculating the 'bus factor' for critical components like authentication and cryptography, identifying orphaned sensitive code, and uncovering 'hidden owners' whose influence isn't reflected in static configurations. By generating graph-based artifacts for tools like Neo4j, it enables security engineers to validate CODEOWNERS files against historical reality and detect ownership drift before it becomes a vulnerability.

主な機能

01Clusters files via co-change analysis to identify functional ownership blocks

02Maps file-to-contributor topology using weighted git history analysis

03Detects orphaned or stale code hotspots within sensitive directories

04Calculates bus factor and risk scores for security-sensitive modules

05Exports structured graph data (CSV/JSON/GraphML) for Neo4j and Gephi

060 GitHub stars

ユースケース

01Identifying unmaintained sensitive code segments that require new owners

02Verifying if actual code maintainers align with official CODEOWNERS policies

03Auditing repositories for single-point-of-failure risks in auth/crypto modules

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add allenbenj/pages security-ownership-map

For use in Claude.ai and ChatGPT

主な機能

01Clusters files via co-change analysis to identify functional ownership blocks

02Maps file-to-contributor topology using weighted git history analysis

03Detects orphaned or stale code hotspots within sensitive directories

04Calculates bus factor and risk scores for security-sensitive modules

05Exports structured graph data (CSV/JSON/GraphML) for Neo4j and Gephi

060 GitHub stars

ユースケース

01Identifying unmaintained sensitive code segments that require new owners

02Verifying if actual code maintainers align with official CODEOWNERS policies

03Auditing repositories for single-point-of-failure risks in auth/crypto modules