triaging-vulnerability-findings
CommunityRank scanner findings, fix the real risks.
Authorrocklambros
Version1.0.0
Installs0
System Documentation
What problem does it solve?
It turns overwhelming security scanner output into a ranked, defensible triage so teams can focus on the findings that matter most and avoid wasting time on noise.
Core Features & Use Cases
- Deduplicates the same issue across Semgrep, CodeQL, Bandit, Snyk, and Trivy so one vulnerability is counted once.
- Classifies findings by reachability, separating production issues from test-only, vendored, generated, or dead-code paths.
- Enriches vulnerable dependency findings with EPSS and priority scoring to surface the highest-risk items first.
- Recommends suppressions only with explicit rationale, preserving auditability instead of silently hiding results.
- Use it when you receive a SARIF export, need a PR-ready security comment, or must decide what to fix this week versus what can be deferred.
Quick Start
Use this skill to triage the attached SARIF files, rank the findings by severity and reachability, and draft a PR-ready comment with any suppression recommendations and rationales.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: triaging-vulnerability-findings Download link: https://github.com/rocklambros/rcs/archive/main.zip#triaging-vulnerability-findings Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.