Why is fingerprinting important for parsing SARIF?

Fingerprinting uses stable identifiers to track the same vulnerability across different code versions or environments, which prevents duplicate alerts and allows for effective baseline comparisons.

Does this skill run security scans?

No, this skill is specifically for processing and analyzing existing SARIF results. You should use the dedicated CodeQL or Semgrep skills to perform the actual scans.

Can I use this for CI/CD integration?

Yes, it provides implementation patterns for programmatic access and data conversion that are ideal for automating security gates and reporting in CI/CD pipelines.

What scanners are supported by this skill?

It supports any tool that adheres to the OASIS SARIF 2.1.0 standard, including CodeQL, Semgrep, SonarQube, and various GitHub Action security tools.

How does it handle large SARIF files?

The skill includes strategies for streaming results and using efficient query tools like jq to maintain high performance even with files exceeding 100MB.

SARIF Security Analysis & Parsing

Name: SARIF Security Analysis & Parsing
Author: micsapp

bymicsapp

0•

安全与测试

Parses and processes SARIF files from static analysis tools to aggregate findings, deduplicate alerts, and integrate security data into workflows.

SARIF Security Analysis & Parsing is a specialized tool for Claude Code designed to handle the complex structure of the Static Analysis Results Interchange Format (SARIF). It enables developers to efficiently read, interpret, and filter scan results from popular security tools like CodeQL and Semgrep. By automating the aggregation of findings from multiple sources and providing stable fingerprinting for alert tracking, this skill bridges the gap between raw security data and actionable remediation. It is particularly useful for teams looking to integrate security scanning into their DevOps pipelines, convert formats for reporting, or perform deep-dive reviews of existing vulnerability data.

主要功能

01Filters scan results by severity, rule ID, or specific file paths for targeted review

020 GitHub stars

03Deduplicates findings using stable fingerprinting to track issues across environments

04Provides standardized query patterns using jq and Python for rapid data extraction

05Converts SARIF output into actionable formats like CSV, HTML, or Markdown

06Aggregates results from multiple security scanners into a unified format

使用场景

01Identifying new vs. existing vulnerabilities by comparing current scans with baselines

02Merging security scan results from different tools into a single compliance report

03Reviewing and triaging vulnerabilities after a CodeQL or Semgrep CI run

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills sarif-parsing

For use in Claude.ai and ChatGPT

主要功能

01Filters scan results by severity, rule ID, or specific file paths for targeted review

020 GitHub stars

03Deduplicates findings using stable fingerprinting to track issues across environments

04Provides standardized query patterns using jq and Python for rapid data extraction

05Converts SARIF output into actionable formats like CSV, HTML, or Markdown

06Aggregates results from multiple security scanners into a unified format

使用场景

01Identifying new vs. existing vulnerabilities by comparing current scans with baselines

02Merging security scan results from different tools into a single compliance report

03Reviewing and triaging vulnerabilities after a CodeQL or Semgrep CI run