What is SARIF used for?

SARIF (Static Analysis Results Interchange Format) is an OASIS standard used to represent the output of static analysis and security scanning tools in a consistent JSON format.

Can I convert SARIF to other formats?

Yes, this skill provides commands and scripts to convert SARIF output into CSV, HTML, and other formats suitable for management reporting or manual review.

How do I handle very large SARIF files?

For files exceeding 100MB, this skill recommends using streaming parsers like 'ijson' in Python to process results without loading the entire file into memory.

Why is fingerprinting important in SARIF analysis?

Fingerprints provide stable identifiers for vulnerabilities that persist even when line numbers change, allowing you to track 'known' issues versus 'new' issues across different code versions.

Does this skill run security scans?

No, this skill is designed for processing and analyzing existing scan results. To perform the actual scans, you should use tool-specific skills like CodeQL or Semgrep.

SARIF Security Results Parser

Name: SARIF Security Results Parser
Author: monmacllcapp

bymonmacllcapp

0•

安全与测试

Parses, aggregates, and analyzes Static Analysis Results Interchange Format (SARIF) files to streamline security vulnerability management.

This skill provides expert-level guidance for processing SARIF files, the industry standard for static analysis output. It enables developers to effectively interpret security scan results, deduplicate findings across multiple tools like CodeQL and Semgrep, and extract actionable insights. Whether you are integrating security data into CI/CD pipelines or converting complex JSON logs into readable reports, this skill offers optimized strategies using jq, Python, and specialized SARIF libraries to ensure high-quality vulnerability tracking and remediation.

主要功能

01Aggregate results from multiple static analysis tools into a unified format

02Convert SARIF data into actionable formats including CSV, HTML, and Markdown

03Extract and filter security findings by severity, rule ID, and file location

04Deduplicate alerts using stable fingerprints to track issues across builds

050 GitHub stars

06Normalize file paths and URIs for consistent reporting across environments

使用场景

01Consolidating results from diverse security scanners into a single CI/CD gate

02Automating the extraction of high-severity findings for bug tracking integration

03Comparing current scan results against a baseline to identify new vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add monmacllcapp/skill-forks sarif-parsing

For use in Claude.ai and ChatGPT

主要功能

01Aggregate results from multiple static analysis tools into a unified format

02Convert SARIF data into actionable formats including CSV, HTML, and Markdown

03Extract and filter security findings by severity, rule ID, and file location

04Deduplicate alerts using stable fingerprints to track issues across builds

050 GitHub stars

06Normalize file paths and URIs for consistent reporting across environments

使用场景

01Consolidating results from diverse security scanners into a single CI/CD gate

02Automating the extraction of high-severity findings for bug tracking integration

03Comparing current scan results against a baseline to identify new vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add monmacllcapp/skill-forks sarif-parsing

For use in Claude.ai and ChatGPT