SAST Triage
Triage static analysis findings from gosec, golangci-lint, and govulncheck — classify severity, filter false positives, and prioritize remediation
Best use case
SAST Triage is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using SAST Triage should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/sast-triage/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How SAST Triage Compares
| Feature / Agent | SAST Triage | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Triage static analysis findings from gosec, golangci-lint, and govulncheck — classify severity, filter false positives, and prioritize remediation
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# SAST Triage Skill

Systematically triage static application security testing (SAST) results to separate real vulnerabilities from false positives and prioritize remediation.

## Trigger Conditions

- CI security scan produces findings
- `gosec`, `golangci-lint`, or `govulncheck` run completes
- Dependency update introduces new vulnerabilities
- User invokes with "triage security findings" or "sast-triage"

## Input Contract

- **Required:** SAST tool output (gosec JSON, golangci-lint output, govulncheck results)
- **Optional:** Previous triage results for delta comparison

## Output Contract

- Classified findings: Critical/High/Medium/Low/FalsePositive
- CWE/CVE mapping for each finding
- Remediation priority with estimated effort
- False positive justifications

## Tool Permissions

- **Read:** All Go source files, SAST output, go.mod, go.sum
- **Write:** Triage report
- **Search:** Grep for vulnerable patterns, dependency versions
- **Shell:** Run `gosec`, `govulncheck`, `golangci-lint`

## Execution Steps

1. **Collect findings**: Run or parse SAST tool outputs
2. **Deduplicate**: Merge findings across tools that point to the same issue
4. **Filter false positives**: Identify findings that are false positives due to context (e.g., test files, disabled code)
5. **Map to CWE/CVE**: Link each finding to its CWE or CVE identifier
7. **Report**: Produce triage report with actions for each finding
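As an added example that is not part of the skill or this page, the following Go code carries the collect, deduplicate, filter-false-positive, map-to-CWE and prioritize steps through over gosec's JSON report (`gosec -fmt=json`). The severity/confidence-to-class policy, the rule that findings in `_test.go` files are false positives, and the sample report are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"sort"
	"strings"
)

// Subset of gosec's JSON report (gosec -fmt=json) that triage needs.
type gosecReport struct {
	Issues []struct {
		Severity, Confidence, File, Line string
		RuleID                           string `json:"rule_id"`
		CWE                              struct{ ID string } `json:"cwe"`
	}
}

type Triaged struct{ Class, Rule, CWE, Location, Justification string } // one finding, Class per the output contract
var class = map[string]string{"HIGH": "High", "MEDIUM": "Medium", "LOW": "Low"}

// Triage dedups by file:line:rule, marks _test.go findings as FalsePositive with a justification,
// classifies the rest from severity/confidence (assumed policy), attaches the CWE id, sorts by priority.
func Triage(raw []byte) ([]Triaged, error) {
	var rep gosecReport
	if err := json.Unmarshal(raw, &rep); err != nil {
		return nil, err
	}
	byKey := map[string]Triaged{} // same key seen twice = duplicate finding, keep one
	for _, is := range rep.Issues {
		t := Triaged{Class: class[is.Severity], Rule: is.RuleID, CWE: "CWE-" + is.CWE.ID, Location: is.File + ":" + is.Line}
		if is.Severity == "HIGH" && is.Confidence == "HIGH" {
			t.Class = "Critical" // high severity and high confidence: fix first
		}
		if strings.HasSuffix(is.File, "_test.go") {
			t.Class, t.Justification = "FalsePositive", "test-only code, not shipped"
		}
		byKey[t.Location+":"+t.Rule] = t
	}
	out, order := make([]Triaged, 0, len(byKey)), "Critical High Medium Low FalsePositive"
	for _, t := range byKey {
		out = append(out, t)
	}
	sort.Slice(out, func(i, j int) bool { return strings.Index(order, out[i].Class) < strings.Index(order, out[j].Class) })
	return out, nil
}

// SampleReport is a constructed gosec-style report, not real scan output.
const SampleReport = `{"Issues":[
{"severity":"HIGH","confidence":"HIGH","cwe":{"id":"78"},"rule_id":"G204","file":"cmd/run.go","line":"42"},
{"severity":"HIGH","confidence":"HIGH","cwe":{"id":"78"},"rule_id":"G204","file":"cmd/run.go","line":"42"},
{"severity":"MEDIUM","confidence":"HIGH","cwe":{"id":"22"},"rule_id":"G304","file":"pkg/fs.go","line":"17"},
{"severity":"HIGH","confidence":"LOW","cwe":{"id":"338"},"rule_id":"G404","file":"pkg/rand_test.go","line":"9"}]}`
```

On the sample, the duplicate G204 collapses to one Critical finding, G304 lands as Medium, and the G404 hit in a test file is reported as FalsePositive with its justification rather than silently dropped.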
Related Skills
sast-configuration
Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or aut...
u01899-handoff-contracting-for-disaster-response-networks
Operate the "Handoff Contracting for disaster response networks" capability in production for disaster response networks workflows. Use when mission execution explicitly requires this capability and outcomes must be reproducible, policy-gated, and handoff-ready.
sast-scanning
Perform static application security testing with tools like Semgrep, CodeQL, and SonarQube. Identify security vulnerabilities in source code before deployment. Use when implementing secure SDLC, code review automation, or security gates in CI/CD pipelines.
pr-triage
Go through open pull requests, check their status, and take actions to move them forward. This includes triaging PRs, fixing CI, resolving feedback, merging, or managing PR workflow. Use when asked to triage PRs, go through open PRs, or manage PR workflow.
email-triage-draft-replies
Review unread email, categorize it, and draft replies (no sending without approval)
Tech Debt Triage
Score, prioritize, and plan technical debt remediation
Triage Workflow
This skill provides standardized workflows for rapid incident triage and initial assessment. For comprehensive triage procedures, decision trees, and real-world scenarios, please refer to the main **I
Disaster Recovery
Disaster Recovery encompasses strategies and procedures for recovering from catastrophic failures and ensuring business continuity. This includes backup strategies, failover mechanisms, data recovery
bgo
Automated Blender build-go workflow. Automatically builds, removes old version, installs, enables, and launches Blender with your extension/add-on. Use when you want to quickly test changes, execute complete build-to-launch cycle, or run custom packaging scripts with automatic Blender launch.
fireflies-automation
Automate Fireflies tasks via Rube MCP (Composio). Always search tools first for current schemas.
fireberry-automation
Automate Fireberry tasks via Rube MCP (Composio). Always search tools first for current schemas.
finmei-automation
Automate Finmei tasks via Rube MCP (Composio). Always search tools first for current schemas.