Can it handle different severity levels?

Yes, it includes a priority mapping system that translates security severities (Critical, High, Medium, Low) into specific backlog priorities and remediation timelines.

Can I use it in my CI/CD pipeline?

Absolutely, it provides configurations for GitHub Actions and pre-commit hooks to automate scanning and task creation during the push and pull request phases.

What task formats are supported?

While optimized for the flowspec backlog format, it produces standardized markdown that can be adapted for most project management systems.

How does this skill help with security audits?

It automates the process of turning raw audit reports into actionable development tasks, ensuring findings are tracked and resolved within your standard workflow.

Does it provide remediation advice?

The skill generates specific remediation steps and acceptance criteria based on the vulnerability type, such as CWE or OWASP categories.

Security Workflow Integration

Name: Security Workflow Integration
Author: jpoley

byjpoley

•

보안 및 테스팅

Transforms security scan findings into actionable, prioritized backlog tasks with automated acceptance criteria and workflow integration.

소개

This skill bridges the gap between security assessment results and development execution by automating the creation of structured backlog tasks from vulnerability reports. It provides a standardized framework for mapping security severity levels to project priorities, generating technical acceptance criteria for remediation, and applying appropriate metadata for tracking. By integrating security checks directly into development workflow states and pre-commit hooks, it ensures that security findings are triaged, assigned, and resolved within the existing development lifecycle rather than being treated as an external afterthought.

주요 기능

Dynamic mapping of CVSS severity levels to development priorities
Integration of dedicated security review states into dev workflows
Automated conversion of security findings into detailed markdown backlog tasks
8 GitHub stars
AI-powered generation of verifiable acceptance criteria for security fixes
Pre-commit hook templates for early vulnerability detection and triage

사용 사례

Adding a mandatory 'Security Review' gate to a CI/CD pipeline before deployment
Converting a bulk JSON export from a security scanner into prioritized Jira or markdown tickets
Automating the assignment of vulnerabilities to specific teams based on component labels

소개

주요 기능

Dynamic mapping of CVSS severity levels to development priorities
Integration of dedicated security review states into dev workflows
Automated conversion of security findings into detailed markdown backlog tasks
8 GitHub stars
AI-powered generation of verifiable acceptance criteria for security fixes
Pre-commit hook templates for early vulnerability detection and triage

사용 사례

Adding a mandatory 'Security Review' gate to a CI/CD pipeline before deployment
Converting a bulk JSON export from a security scanner into prioritized Jira or markdown tickets
Automating the assignment of vulnerabilities to specific teams based on component labels