
sonarcloud-security-triaging

Analyze SonarCloud security issues and suggest triage decisions (SAFE/FIXED/wontfix/falsepositive) with explanations. Use when the user needs help reviewing security issues, making triage decisions, or understanding whether security hotspots/vulnerabilities are true positives.
NASA-PDS/pds-agent-skills · ★ 1 · DevOps & Infrastructure · score 67
Install: claude install-skill NASA-PDS/pds-agent-skills
# SonarCloud Security Triaging Skill

This skill helps you make informed triage decisions on SonarCloud security issues by analyzing the code context, understanding the security rule, and suggesting appropriate actions with explanations.

## Prerequisites

- **JSON file from `sonarcloud-security-exporting` skill (RECOMMENDED)** - includes code snippets and rule details
- Or CSV file (legacy format, requires repo access for code context)
- Git repositories cloned locally (optional for JSON, required for CSV)

## What This Skill Does

This skill **helps you decide** what to do with each security issue by:

1. **Analyzing code context**: Reads the actual code around the flagged line
2. **Understanding the rule**: Explains what the SonarCloud rule is checking for
3. **Identifying false positives**: Recognizes common false positive patterns
4. **Suggesting actions**: Recommends Action, Resolution, and Comment for each issue
5. **Explaining rationale**: Provides reasoning for each recommendation

## Workflow Position

```
1. sonarcloud-security-exporting → Export issues to JSON (preferred) or CSV
2. sonarcloud-security-triaging  → THIS SKILL: Analyze & suggest decisions
3. sonarcloud-security-updating  → Apply decisions back to SonarCloud
```

## Input Format

This skill supports two input formats:

### JSON (Recommended)

- **Pros**: Code snippets included, rule details embedded, no repo cloning needed
- **Cons**: Larger file size
- **Use when**: You want fast, automated analy