Skills
.Work. You
Rest

fortify-exploitability-analysis

Official

Assess CVE exploitability in Fortify contexts.

Software Engineering#cve#dependency-analysis#sca#exploitability#reachability#cyclonedx#openvex
Authorfortify
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Triages whether a known CVE/GHSA vulnerability in a dependency is actually exploitable in a given project, producing a structured verdict and actionable guidance for remediation.

Core Features & Use Cases

The skill follows a disciplined, reproducible workflow from CVE input to a human-readable report and a machine-readable VEX artifact, including dependency enumeration, reachability analysis, path enumeration, and per-path assessment across ecosystems (Maven/Gradle, npm, Python, Go, etc.). It outputs two artifacts alongside citations to sources: a Markdown impact report and a CycloneDX VEX JSON, enabling integration with Dependency-Track, GitLab Vulnerability Management, FoD/SSC suppressions, and other tooling.

Quick Start

Provide the CVE/GHSA identifier and the project root; the skill will generate the corresponding vex outputs and a reproducible evidence trail.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: fortify-exploitability-analysis
Download link: https://github.com/fortify/skills/archive/main.zip#fortify-exploitability-analysis

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 510,000+ vetted skills library on demand.