Can it be integrated into a CI/CD pipeline?

Yes, the skill provides templates for GitHub Actions and pre-commit hooks that can trigger scans and automatically flag issues before they are merged into the main branch.

How does this skill handle different security severity levels?

The skill includes a priority mapping system that translates security severities (Critical, High, Medium, Low) into specific backlog priorities and remediation windows, such as 'Critical' requiring a fix within 24 hours.

Can I use this with my existing security scanning tools?

Yes, it is designed to ingest findings from various sources. It includes examples for parsing JSON results from security tools and converting them into backlog tasks via CLI commands.

Does this skill help with compliance and auditing?

Absolutely. By standardizing the format of security tasks and including vulnerability IDs (CWE/CVE), it creates a clear audit trail from discovery to remediation within your project documentation.

Security Workflow Integration

Name: Security Workflow Integration
Author: jpoley

byjpoley

•

安全与测试

Transforms security scan findings into actionable, prioritized backlog tasks with automated acceptance criteria.

The security-workflow skill bridges the gap between security audits and development execution by automating the creation of structured remediation tasks. It allows developers to ingest findings from SAST, SCA, and manual audits, mapping technical vulnerabilities like SQL injection or outdated dependencies to specific backlog items. The skill automatically assigns priorities based on CVSS scores, generates verifiable acceptance criteria, and can even integrate dedicated security review states into your existing development workflow, ensuring that security is never an afterthought.

主要功能

01Workflow integration for dedicated security review states

02Pre-configured templates for CWE, OWASP, and CVSS metadata

03Automated conversion of security findings into structured Markdown tasks

045 GitHub stars

05Intelligent mapping of vulnerability severity to backlog priorities

06CI/CD and pre-commit hook scripts for automated security scanning

使用场景

01Automating remediation tracking for high-volume dependency alerts

02Converting a JSON security report into prioritized development tasks

03Implementing a 'Security Review' gate in a custom development workflow

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoley/flowspec security-workflow

For use in Claude.ai and ChatGPT