Can I automate security task creation in CI/CD?

Yes, the skill includes support for bulk creation scripts and GitHub Actions integration to automatically generate tasks based on scan results.

What security standards are supported?

The skill maps vulnerabilities to CWE definitions, OWASP Top 10 categories, and CVSS scores for consistent industry-standard reporting.

How does this skill handle security scan results?

It parses findings and uses a standardized format to create backlog tasks that include technical descriptions, impact analysis, and specific remediation steps.

How does it help with prioritization?

It includes a priority mapping strategy that translates security severities (Critical, High, Medium, Low) into specific backlog priorities and fix timelines.

Does it support custom workflow states?

Yes, it provides configuration options to add dedicated 'Security Review' or 'Validated' states to your existing flowspec development lifecycle.

Security Workflow Integration

Name: Security Workflow Integration
Author: jpoley

byjpoley

•

安全与测试

Integrates security assessment findings into development backlogs and workflow states to streamline vulnerability remediation.

The Security Workflow skill bridges the gap between security scanning and developer productivity by translating complex vulnerabilities into actionable tasks. It automates the creation of standardized backlog items complete with CWE/OWASP references, CVSS scores, and verifiable acceptance criteria. By mapping security severity to project priorities and introducing dedicated 'Security Review' workflow states, it ensures that critical fixes are never lost in the backlog and follow a rigorous path to production.

主要功能

01Automated task generation from security scan results

025 GitHub stars

03Seamless integration into CI/CD pipelines and pre-commit hooks

04Standardized security task formatting with CWE and OWASP metadata

05Automated acceptance criteria (AC) generation for security fixes

06Intelligent severity-to-priority mapping for backlog management

使用场景

01Automating the tracking and assignment of dependency vulnerability fixes

02Converting SAST or SCA report findings into prioritized development tasks

03Implementing a mandatory Security Review gate in the project workflow

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoley/flowspec security-workflow

For use in Claude.ai and ChatGPT

Download Skill