igbuend/sarif-issue-reporter
skills/sarif-issue-reporter/SKILL.md
Analyze SARIF files and generate security reports with CVSS scoring, exploitation scenarios, and remediation guidance. Use when reviewing static analysis results.
$ install --global
skillsauthnpx skillsauth add igbuend/grimbard sarif-issue-reporterInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 8:20 PM20.1s3 files scanned
SKILL.md
- name:
- sarif-issue-reporter
- description:
- Analyze SARIF files and generate security reports with CVSS scoring, exploitation scenarios, and remediation guidance. Use when reviewing static analysis results.
- disable-model-invocation:
- true
- version:
- 0.0.1
- author:
- Herman Stevens
- tags:
- [security, sarif, vulnerability-analysis, reporting]
SARIF Issue Reporter
Analyze SARIF files and generate comprehensive security reports.
Target: $ARGUMENTS (path to SARIF file)
When to Use This Skill
- Reviewing static analysis results from security scanners
- Generating vulnerability reports with CVSS scoring
- Validating SAST findings (true vs false positives)
- Mapping vulnerabilities to compliance frameworks
- Creating remediation guidance with code examples
Core Capabilities
| Capability | Description | |------------|-------------| | SARIF Parsing | Read SARIF 2.1.0 format from any scanner | | Verification | Confirm findings, identify false positives | | CVSS Scoring | Calculate scores with vector strings | | Standards Mapping | OWASP, CWE, CAPEC, compliance frameworks | | Remediation | Code examples and implementation steps |
Workflow
Phase 1: Parse SARIF
- Load SARIF file at $ARGUMENTS
- Extract tool metadata from
runs[].tool.driver - Get all results from
runs[].results[] - Categorize by severity level
Phase 2: Verify Each Issue
- Extract: Location, snippet, codeFlows, related locations
- Verify: Confirm issue exists, check for false positives, assess exploitability
- Enhance: Request additional code context if needed
Phase 3: Security Assessment
CVSS 3.1 Scoring - Calculate and justify each metric:
- Attack Vector (AV): N/A/L/P
- Attack Complexity (AC): L/H
- Privileges Required (PR): N/L/H
- User Interaction (UI): N/R
- Scope (S): U/C
- Impact (C/I/A): N/L/H each
Vector format: CVSS:3.1/AV:_/AC:_/PR:_/UI:_/S:_/C:_/I:_/A:_
Impact Analysis: Technical impact, business impact, exploitability, affected assets.
Phase 4: Standards Mapping
Map each verified issue to:
| Standard | Action | |----------|--------| | OWASP Top 10 | Identify category (A01-A10) | | CWE | Specific ID + parent/child | | CAPEC | Attack patterns | | Compliance | PCI-DSS, GDPR, SOC 2, HIPAA, ISO 27001, NIST |
Reference: OWASP Top 10 | CWE | CAPEC
Phase 5: Report Generation
For each verified issue, generate this report structure:
## [ISSUE-XXX] {Title}
**Severity**: {Critical|High|Medium|Low} | **CVSS**: {Score} ({Vector}) | **Status**: Verified
### Summary
{2-3 sentence overview}
### Code Evidence
**Location**: `{file}:{line}`
```{language}
{code snippet with context}
Exploitation
Attack Vector: {Description} PoC: {Example exploit code or request} Prerequisites: {What attacker needs}
Impact
- C/I/A: {Confidentiality/Integrity/Availability impacts}
- Business: {Consequences}
Standards Mapping
- OWASP: {Category}
- CWE: CWE-{ID}
- CAPEC: CAPEC-{ID}
- Compliance: {PCI-DSS/GDPR/SOC2 requirements}
Security Patterns Violated
- {Pattern}: Expected {X}, found {Y}
Remediation
Priority: {Level}
{Fix code}
Steps: {Implementation guidance}
Validation
{Test commands or verification steps}
## Implementation Steps
1. **Load SARIF** - Parse JSON at $ARGUMENTS path
2. **Extract Issues** - Get `runs[].results[]` array
3. **For Each Issue**:
- Get location from `physicalLocation`
- Read code context if snippet missing
- Verify finding exists in source
- Calculate CVSS with justification
- Map to standards (OWASP/CWE/CAPEC)
- Generate remediation code
4. **Output Report** - Markdown format (primary)
### Quality Checklist
Before finalizing each issue:
- [ ] CVSS score calculated with justification
- [ ] Code evidence with context
- [ ] Realistic exploitation scenario
- [ ] Security pattern identified
- [ ] OWASP/CWE/CAPEC mapped
- [ ] Working remediation code
**SARIF Reference**: [SARIF 2.1.0 Spec](https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html)
## Example Usage
User: Analyze results.sarif and report critical/high issues Claude:
- Parse SARIF → 2. Filter by severity → 3. Verify each finding
- Calculate CVSS → 5. Map to standards → 6. Generate report
## Best Practices
| Practice | Why |
|----------|-----|
| Always verify | SAST tools produce false positives |
| Realistic exploitation | Theoretical attacks aren't useful |
| Working remediation code | Not pseudo-code |
| Complete standards mapping | OWASP/CWE/CAPEC/Compliance |
| Sufficient code context | Understand the full picture |
## Executive Summary Template
```markdown
# Security Analysis Report
**Tool**: {name} | **Date**: {date} | **Scope**: {files scanned}
## Overview
| Metric | Count |
|--------|-------|
| Total Issues | {n} |
| Verified | {n} |
| False Positives | {n} |
## Severity Distribution
Critical (9.0-10.0): {n} | High (7.0-8.9): {n} | Medium (4.0-6.9): {n} | Low (0.1-3.9): {n}
## Top Risks
1. {Issue} - CVSS {score}
2. {Issue} - CVSS {score}
3. {Issue} - CVSS {score}
Anti-Patterns
- Reporting unverified issues
- Generic remediation advice
- Missing exploitation scenarios
- Incomplete CVSS justification
- Ignoring code context
Success Criteria
- [ ] All critical/high issues verified
- [ ] CVSS scores justified
- [ ] Working exploitation examples
- [ ] Production-ready remediation code
- [ ] Complete standards mapping
References
- SARIF Spec
- CVSS Calculator
- OWASP Cheat Sheets
Helper script available: scripts/sarif_helper.py
Related Skills
igbuend/xss-anti-pattern
development
VerifiedTrustedCommunity
Security anti-pattern for Cross-Site Scripting vulnerabilities (CWE-79). Use when generating or reviewing code that renders HTML, handles user input in web pages, uses innerHTML/document.write, or builds dynamic web content. Covers Reflected, Stored, and DOM-based XSS. AI code has 86% XSS failure rate.
4SKILL.mdUpdated Apr 5, 2026
igbuend/xpath-injection-anti-pattern
development
VerifiedTrustedCommunity
Security anti-pattern for XPath injection vulnerabilities (CWE-643). Use when generating or reviewing code that queries XML documents, constructs XPath expressions, or handles user input in XML operations. Detects unescaped quotes and special characters in XPath queries.
4SKILL.mdUpdated Apr 5, 2026
igbuend/weak-password-hashing-anti-pattern
development
VerifiedTrustedCommunity
Security anti-pattern for weak password hashing (CWE-327, CWE-759). Use when generating or reviewing code that stores or verifies user passwords. Detects use of MD5, SHA1, SHA256 without salt, or missing password hashing entirely. Recommends bcrypt, Argon2, or scrypt.
4SKILL.mdUpdated Apr 5, 2026
igbuend/weak-encryption-anti-pattern
development
VerifiedTrustedCommunity
Security anti-pattern for weak encryption (CWE-326, CWE-327). Use when generating or reviewing code that encrypts data, handles encryption keys, or uses cryptographic modes. Detects DES, ECB mode, static IVs, and custom crypto implementations.
4SKILL.mdUpdated Apr 5, 2026