sarif-parsing

Summary

Parse, filter, deduplicate, and aggregate SARIF files from static analysis tools.

  • Reads and processes SARIF 2.1.0 output from CodeQL, Semgrep, and other scanners; does not run scans itself
  • Supports filtering by severity, extracting findings by file or rule, and deduplicating alerts using the SARIF fingerprints and partialFingerprints properties
  • Provides three strategies: jq for quick CLI queries, pysarif for programmatic object access, and sarif-tools for aggregation and format conversion
  • Handles path normalization, fingerprint matching across environments, and large file streaming for CI/CD integration
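Worked example of the parsing, normalization and deduplication described above, using only the Python standard library. This is an added illustration, not the skill's own code and not the pysarif or sarif-tools API. The SARIF document, the checkout roots in WORKSPACE_ROOTS and all function names are constructed for the example; severity resolution follows the SARIF 2.1.0 rule (result.level, else the rule's defaultConfiguration.level, else "warning"), and alert identity is keyed on rule plus fingerprint because two rules can hash the same source line identically.

```python
"""Parse, normalize, deduplicate and filter SARIF 2.1.0 (stdlib only; added example)."""
import json
import posixpath
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# SARIF 2.1.0 result levels, ordered so that "error" is most severe.
LEVEL_ORDER = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Constructed sample: the same finding reported by two runs that scanned the repo
# from different checkout directories (absolute file:// URI vs. relative path),
# plus one low-severity result. Exact `fingerprints` are rare in practice, so the
# sample uses `partialFingerprints` (primaryLocationLineHash is the key CodeQL emits).
SAMPLE_SARIF = json.loads("""
{ "version": "2.1.0", "runs": [
  { "tool": { "driver": { "name": "ToolA", "rules": [
      { "id": "js/sql-injection", "defaultConfiguration": { "level": "error" } },
      { "id": "js/unused-local-variable", "defaultConfiguration": { "level": "note" } } ] } },
    "results": [
      { "ruleId": "js/sql-injection", "ruleIndex": 0,
        "message": { "text": "Query built from user-controlled input" },
        "locations": [ { "physicalLocation": {
          "artifactLocation": { "uri": "file:///home/runner/work/app/app/src/db.js" },
          "region": { "startLine": 42 } } } ],
        "partialFingerprints": { "primaryLocationLineHash": "1f3a9c:1" } },
      { "ruleId": "js/unused-local-variable", "ruleIndex": 1,
        "message": { "text": "Unused variable tmp" },
        "locations": [ { "physicalLocation": {
          "artifactLocation": { "uri": "file:///home/runner/work/app/app/src/util.js" },
          "region": { "startLine": 7 } } } ],
        "partialFingerprints": { "primaryLocationLineHash": "77be02:1" } } ] },
  { "tool": { "driver": { "name": "ToolA", "rules": [
      { "id": "js/sql-injection", "defaultConfiguration": { "level": "error" } } ] } },
    "results": [
      { "ruleId": "js/sql-injection", "level": "error",
        "message": { "text": "Query built from user-controlled input" },
        "locations": [ { "physicalLocation": {
          "artifactLocation": { "uri": "./src/db.js" }, "region": { "startLine": 42 } } } ],
        "partialFingerprints": { "primaryLocationLineHash": "1f3a9c:1" } } ] } ] }
""")

# Checkout directories to strip so paths compare equal across CI environments
# (constructed for this example; take them from your pipeline configuration).
WORKSPACE_ROOTS = ("/home/runner/work/app/app/", "/builds/app/")


@dataclass(frozen=True)
class Finding:
    rule_id: str
    level: str
    uri: str
    line: int
    message: str
    key: tuple


def resolve_rule(run, result):
    """Find the reportingDescriptor for a result: ruleIndex first, then ruleId."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    idx = result.get("ruleIndex")
    if isinstance(idx, int) and 0 <= idx < len(rules):
        return rules[idx]
    return next((r for r in rules if r.get("id") == result.get("ruleId")), {})


def severity(run, result):
    """SARIF 2.1.0: result.level, else the rule's default level, else 'warning'."""
    if "level" in result:
        return result["level"]
    return resolve_rule(run, result).get("defaultConfiguration", {}).get("level", "warning")


def normalize_uri(uri, roots=WORKSPACE_ROOTS):
    """Drop a file:// scheme, collapse ./ and ../, strip a known checkout root."""
    path = urlparse(uri).path if uri.startswith("file:") else uri
    path = posixpath.normpath(path)
    for root in roots:
        root = root.rstrip("/")
        if path.startswith(root + "/"):
            path = path[len(root) + 1:]
            break
    return path.lstrip("/")


def primary_location(result):
    loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
    uri = loc.get("artifactLocation", {}).get("uri", "")
    return normalize_uri(uri), loc.get("region", {}).get("startLine", 0)


def dedup_key(result, uri, line):
    """Alert identity: rule + exact fingerprints, else rule + partialFingerprints,
    else rule + normalized path + line. Keyed by rule because two rules can
    produce the same line hash."""
    rule = result.get("ruleId", "")
    if result.get("fingerprints"):
        return (rule, "fp", tuple(sorted(result["fingerprints"].items())))
    if result.get("partialFingerprints"):
        return (rule, "pfp", tuple(sorted(result["partialFingerprints"].items())))
    return (rule, "loc", uri, line)


def load_findings(sarif):
    """Flatten every run into Findings, keeping the first occurrence of each key."""
    seen, findings = set(), []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            uri, line = primary_location(result)
            key = dedup_key(result, uri, line)
            if key in seen:
                continue
            seen.add(key)
            findings.append(Finding(result.get("ruleId", ""), severity(run, result), uri, line,
                                    result.get("message", {}).get("text", ""), key))
    return findings


def filter_by_severity(findings, minimum="warning"):
    """Keep findings at or above `minimum`; unknown levels are treated as 'warning'."""
    floor = LEVEL_ORDER[minimum]
    return [f for f in findings if LEVEL_ORDER.get(f.level, 2) >= floor]


def count_by_rule(findings):
    return Counter(f.rule_id for f in findings)


if __name__ == "__main__":
    unique = load_findings(SAMPLE_SARIF)
    print(f"{len(unique)} unique findings after deduplication")
    for f in filter_by_severity(unique, "warning"):
        print(f"{f.level:8} {f.rule_id:28} {f.uri}:{f.line}  {f.message}")
```

Two points worth carrying into a real pipeline: the duplicate is only detected because the path is normalized before the fallback key is built and because the fingerprint key ignores the path entirely, so a result with no fingerprints and an un-normalized absolute path would slip through; and the level fallback matters, since CodeQL-style output often omits result.level and relies on the rule's defaultConfiguration.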
SKILL.md

SARIF Parsing Best Practices

You are a SARIF parsing expert. Your role is to help users effectively read, analyze, and process SARIF files from static analysis tools.

When to Use

Use this skill when:

  • Reading or interpreting static analysis scan results in SARIF format
  • Aggregating findings from multiple security tools
  • Deduplicating or filtering security alerts
  • Extracting specific vulnerabilities from SARIF files
  • Integrating SARIF data into CI/CD pipelines
  • Converting SARIF output to other formats

When NOT to Use

Do NOT use this skill for:

  • Running static analysis scans (use CodeQL or Semgrep skills instead)
  • Writing CodeQL or Semgrep rules (use their respective skills)
Installs: 2.4K
GitHub Stars: 5.1K
First Seen: Jan 19, 2026