triaging-vulnerability-findings

Community

Rank scanner findings, fix the real risks.

Authorrocklambros
Version1.0.0
Installs0

System Documentation

What problem does it solve?

It turns overwhelming security scanner output into a ranked, defensible triage so teams can focus on the findings that matter most and avoid wasting time on noise.

Core Features & Use Cases

  • Deduplicates the same issue across Semgrep, CodeQL, Bandit, Snyk, and Trivy so one vulnerability is counted once.
  • Classifies findings by reachability, separating production issues from test-only, vendored, generated, or dead-code paths.
  • Enriches vulnerable dependency findings with EPSS and priority scoring to surface the highest-risk items first.
  • Recommends suppressions only with explicit rationale, preserving auditability instead of silently hiding results.
  • Use it when you receive a SARIF export, need a PR-ready security comment, or must decide what to fix this week versus what can be deferred.

Quick Start

Use this skill to triage the attached SARIF files, rank the findings by severity and reachability, and draft a PR-ready comment with any suppression recommendations and rationales.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: triaging-vulnerability-findings
Download link: https://github.com/rocklambros/rcs/archive/main.zip#triaging-vulnerability-findings

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.