Can it handle transitive or indirect dependencies?

Yes, it analyzes whether an update should be applied to a direct dependency or if a 'replace' directive/version override is required for indirect packages.

How does it decide which remediation type to use?

It uses a decision tree based on the availability of a fixed version, the risk level (High/Medium/Low), and the specific nature of the vulnerability (logic vs. dependency).

What languages does this skill support?

This skill is specifically optimized for Go (Golang) codebases, handling go.mod files, standard library updates, and Go-specific dependency relationships.

Does it provide the actual code to fix vulnerabilities?

Yes, for code-based issues, it provides 'before' and 'after' refactoring examples, specific API migration paths, and input validation patterns.

What if there is no official fix for a CVE yet?

The skill includes a dedicated workaround phase that suggests configuration changes, network-level controls, or defensive coding patterns to mitigate risk.

Go Security Remediation Planning

Name: Go Security Remediation Planning
Author: openshift-eng

byopenshift-eng

•

Security & Testing

Generates actionable, step-by-step remediation plans for security vulnerabilities in Go modules and applications.

The Remediation Planning skill automates the complex process of planning fixes for identified CVEs in Go codebases. By analyzing vulnerability intelligence and codebase impact, it produces tailored strategies ranging from simple dependency updates and Go runtime upgrades to complex code refactorings and temporary workarounds. It serves as a bridge between security detection and resolution, helping developers choose the lowest-risk path to compliance while providing specific commands and implementation patterns for various remediation types.

Key Features

01Support for 8 distinct remediation types including dependency updates and runtime upgrades

02Mitigation guidance for vulnerabilities where no official fixed version exists

03Detailed code refactoring patterns for replacing unsafe API usages

0460 GitHub stars

05Automated strategy determination based on CVE severity and risk analysis

06Deep analysis of direct and transitive (indirect) Go module dependencies

Use Cases

01Planning Go runtime upgrades across complex CI/CD and developer environments

02Resolving high-severity CVEs found in Go projects with minimal breaking changes

03Implementing temporary security workarounds and configuration changes for unpatched modules

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add openshift-eng/ai-helpers remediation-planning

For use in Claude.ai and ChatGPT

Download Skill