PramodDutta/Security Ownership Map
seed-skills/security-ownership-map/SKILL.md
Analyze git repositories to build security ownership topology, compute bus factor for sensitive code, detect orphaned security-critical files, and export ownership graphs for visualization.
$ install --global
skillsauthnpx skillsauth add PramodDutta/qaskills Security Ownership MapInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 10:06 AM254.3s1 file scanned
SKILL.md
- name:
- Security Ownership Map
- description:
- Analyze git repositories to build security ownership topology, compute bus factor for sensitive code, detect orphaned security-critical files, and export ownership graphs for visualization.
- version:
- 1.0.0
- author:
- openai
- license:
- MIT
- tags:
- [security, ownership, bus-factor, git-analysis, code-ownership]
- testingTypes:
- [security]
- frameworks:
- []
- languages:
- [python, typescript, go]
- domains:
- [backend, infrastructure, devops]
- agents:
- [claude-code, cursor, github-copilot, windsurf, codex, aider, continue, cline, zed, bolt]
Security Ownership Map
Build a bipartite graph of people and files from git history to compute ownership risk, detect orphaned security-critical code, and identify bus factor hotspots.
Overview
This skill analyzes git repositories to answer critical security ownership questions:
- Who owns the security-sensitive code? Map people to auth, crypto, and secrets-related files
- What is the bus factor? Identify files with dangerously low contributor diversity
- Where is orphaned code? Find sensitive code that hasn't been touched recently
- How do files cluster? Build co-change graphs to understand code movement patterns
Workflow
1. Scope the Repository
- Define the repo root and any in-scope paths
- Set time window with
--since/--untilparameters - Decide sensitivity rules (defaults flag auth/crypto/secret paths)
2. Build the Ownership Map
python run_ownership_map.py \
--repo . \
--out ownership-map-out \
--since "12 months ago" \
--emit-commits
3. Query Security Findings
# Orphaned sensitive code (stale + low bus factor)
python query_ownership.py --data-dir ownership-map-out summary --section orphaned_sensitive_code
# Hidden owners for sensitive tags
python query_ownership.py --data-dir ownership-map-out summary --section hidden_owners
# Sensitive hotspots with low bus factor
python query_ownership.py --data-dir ownership-map-out summary --section bus_factor_hotspots
# Auth/crypto files with bus factor <= 1
python query_ownership.py --data-dir ownership-map-out files --tag auth --bus-factor-max 1
Output Artifacts
The analysis produces:
people.csv— Nodes: people with timezone detectionfiles.csv— Nodes: files with sensitivity tagsedges.csv— Edges: touch relationshipscochange_edges.csv— File-to-file co-change edges with Jaccard weightsummary.json— Security ownership findingscommunities.json— Code community clusters with maintainers
Sensitivity Rules
Default rules flag common sensitive paths:
# pattern,tag,weight
**/auth/**,auth,1.0
**/crypto/**,crypto,1.0
**/*.pem,secrets,1.0
**/middleware/auth*,auth,1.0
**/password*,auth,0.8
Override with --sensitive-config path/to/sensitive.csv.
Key Security Queries
- Bus factor hotspots — Files with bus_factor <= 1 that handle auth/crypto
- Orphaned code — Sensitive files not touched in 6+ months
- Hidden owners — Developers who silently control large portions of sensitive code
- Ownership drift — Compare against CODEOWNERS to highlight discrepancies
Best Practices
- Run quarterly to track ownership changes
- Compare against CODEOWNERS for drift detection
- Filter bots with
--ignore-author-regex '(bot|dependabot)' - Use
--window-days 90to smooth churn effects - Export to Neo4j/Gephi for visual analysis
Related Skills
PramodDutta/Vitest Migration & Config
testing
VerifiedTrustedCommunity
Teaches the agent to migrate a Jest suite to Vitest — vi.mock and the globals shim, vitest.config workspaces/projects, coverage, browser mode, and Vitest v4 breaking changes.
137SKILL.mdUpdated Jun 5, 2026
PramodDutta/Testcontainers Reuse (Node)
testing
VerifiedTrustedCommunity
Teaches the agent to speed up Node integration tests with Testcontainers reuse — withReuse(true), TESTCONTAINERS_REUSE_ENABLE, the .testcontainers.properties opt-in, stable hashing for Postgres/MySQL/Kafka, and Ryuk/CI caveats.
137SKILL.mdUpdated Jun 5, 2026
PramodDutta/Selenium to Playwright Migration
development
VerifiedTrustedCommunity
Port a Java Selenium suite to Playwright TypeScript - locator mapping, WebDriverWait to auto-wait, Grid to workers, Page Object port, with before/after code and a phased checklist.
137SKILL.mdUpdated Jun 5, 2026
PramodDutta/RAG Regression Testing
development
VerifiedTrustedCommunity
Gate RAG pipelines in CI with versioned golden eval sets, per-metric thresholds, baseline drift detection, and a build that fails when retrieval or answer quality regresses.
137SKILL.mdUpdated Jun 5, 2026