sarif-parsing
Parse, process, and aggregate SARIF files. Deduplicate alerts, filter findings, and integrate static analysis results into your CI/CD workflow.
Introduction
This skill acts as a specialized assistant for handling SARIF (Static Analysis Results Interchange Format) 2.1.0 data. Designed for security engineers and developers, it enables the programmatic interpretation of output from scanners such as CodeQL, Semgrep, and other static analysis tools. By providing structured access to findings, it allows users to perform complex data manipulation, normalization, and reporting without manual overhead. It is particularly valuable in multi-tool environments where normalizing different alert formats is necessary to maintain a clear security posture.
- Perform deep analysis of SARIF logs with command-line tools such as jq for rapid exploration.
- Build Python parsing pipelines with libraries such as pysarif and sarif-tools to aggregate results across multiple scan runs.
- Automate the deduplication of security alerts and filter noise by rule ID, severity level (error/warning/note), or file location.
- Convert SARIF findings into human-readable formats such as CSV or HTML reports for team-wide visibility.
- Extract metadata, including fingerprints, partial fingerprints, and artifact locations, to track findings across branches or build environments.
- The skill processes pre-generated scan results only; it does not run static analysis itself. Use dedicated tools or skills such as Semgrep or CodeQL for that purpose.
- Users should be familiar with the SARIF 2.1.0 specification structure, including the hierarchy of runs, results, and physicalLocation elements.
- Use fingerprints for baseline comparisons, to identify regressions in pull requests, and to maintain suppression lists for known false positives.
- Ensure input files are valid SARIF 2.1.0 JSON logs so they parse reliably.
- Use the provided strategies to integrate findings into CI/CD pipelines, enabling automated quality gates that fail builds when findings exceed a severity threshold.
Repository Stats
- Stars: 4,857
- Forks: 421
- Open Issues: 29
- Language: Python
- Default Branch: main
- Sync Status: Idle
- Last Synced: Apr 28, 2026, 01:21 PM