sarif-parsing
by trailofbitssarif-parsing is a post-scan skill for reading, filtering, deduplicating, summarizing, and converting SARIF 2.1.0 results from tools like CodeQL and Semgrep. Use it when you already have scan output and need clear parsing, aggregation, or CI/CD-ready transformation. It is not for running scans.
This skill scores 83/100, which means it is a solid directory listing for users who need to parse, filter, deduplicate, and convert SARIF output. The repository gives enough operational detail, trigger cues, and reusable helpers that agents can use it with far less guesswork than a generic prompt, though users should still expect some gaps in setup and edge-case guidance.
- Explicit trigger language covers common SARIF tasks like parsing, deduplication, filtering, aggregation, and CI/CD integration.
- Strong operational support from ready-to-use jq queries and a reusable Python helper module for loading, validating, normalizing paths, and structuring findings.
- Clear scope boundaries explain when not to use it, which helps agents avoid confusing SARIF processing with scanning or rule authoring.
- No install command or setup instructions are provided in SKILL.md, so adoption may require manual discovery of how to wire it in.
- The repository appears focused on parsing workflows rather than full end-to-end analysis, so users needing scan execution or rule-writing still need other skills.
Overview of sarif-parsing skill
sarif-parsing is a practical skill for reading, filtering, and transforming SARIF 2.1.0 scan output from tools like CodeQL, Semgrep, and other static analyzers. Use the sarif-parsing skill when the problem is “I already have scan results; now I need to understand, deduplicate, summarize, or convert them” rather than “run a scan.”
What this skill is for
This skill helps with the tasks that usually block adoption after a scan completes: extracting the signal from noisy results, comparing runs, normalizing file paths, and preparing findings for CI/CD or downstream tooling. It is especially useful for teams that need consistent SARIF handling across multiple scanners or repositories.
Where it fits in your workflow
sarif-parsing is a post-scan workflow skill. If you need to generate SARIF, use the scanner-specific skill first; if you need to interpret, aggregate, or reshape SARIF, this skill is the right layer. That boundary matters because it avoids mixing scan configuration with result processing.
Main differentiators
The skill is strongest when you need repeatable result processing instead of ad hoc prompt interpretation. It includes concrete SARIF structure guidance, ready-to-use query patterns, and helper utilities for common parsing tasks, which makes sarif-parsing more actionable than a generic “analyze this JSON” prompt.
How to Use sarif-parsing skill
sarif-parsing install and activation
Install the skill in the usual directory workflow with:
npx skills add trailofbits/skills --skill sarif-parsing
Then invoke it when your prompt clearly states that the input is SARIF and the desired output is a parsing task such as filtering, aggregation, deduplication, or conversion. The sarif-parsing install is most effective when you keep the file path to the SARIF artifact explicit, for example results.sarif or a CI artifact URL.
Give the skill the right input
Good sarif-parsing usage starts with three details: the SARIF file, the tool source, and the decision you want to make from the data. A weak request says “analyze this SARIF”; a stronger one says “deduplicate findings in results.sarif, group by ruleId, and return only unique error-level issues with file and line numbers.” The more specific the desired transformation, the less the skill has to infer.
Read these files first
For practical sarif-parsing for Code Editing or automation work, preview SKILL.md first, then resources/jq-queries.md for copyable query patterns and resources/sarif_helpers.py for path normalization and finding extraction logic. Those files show the intended workflow better than a shallow repo skim and help you align your prompt with the existing utilities.
Prompt patterns that work
Use prompts that name the operation, the target fields, and the output shape. Examples:
- “Parse this SARIF and list unique
ruleIdvalues with counts.” - “Filter to warnings and errors, grouped by file path.”
- “Convert SARIF findings into a CSV-ready table with tool name, rule, file, and line.”
- “Compare two SARIF files and identify findings that disappeared between runs.”
sarif-parsing skill FAQ
Is sarif-parsing only for security scanners?
No. It is for SARIF producers in general, including CodeQL, Semgrep, and other tools that emit standard SARIF. The skill is still most valuable when the output needs post-processing rather than raw inspection.
When should I not use sarif-parsing?
Do not use sarif-parsing if you need to run scans, author rules, or inspect source code directly. It is also not the right fit if you have no SARIF input yet, because the skill assumes a results file already exists.
Is this better than a generic prompt?
Usually yes, because sarif-parsing encodes the structure and common operations of SARIF instead of treating it like arbitrary JSON. That makes it better for tasks like deduplication, severity filtering, and location extraction, where a generic prompt often misses fields or returns inconsistent shapes.
Is sarif-parsing suitable for beginners?
Yes, if the user can identify the SARIF file and the goal. Beginners usually get the best results by asking for one transformation at a time, such as “show me the top 10 rules by count” or “extract all findings in src/.” The skill is more approachable when the request is concrete.
How to Improve sarif-parsing skill
Be precise about the transformation
The fastest way to improve sarif-parsing results is to specify the exact operation and output format. Instead of asking for “summary,” ask for “group by ruleId, count by severity, and return a markdown table.” Instead of “filter findings,” ask for the rule IDs, levels, and path rules you want applied.
Provide enough SARIF context
Results improve when you include the scanner name, SARIF version if known, and whether paths are repo-relative, absolute, or URI-encoded. That context helps the skill avoid bad assumptions about normalization, duplication, and file matching, which are common failure modes in SARIF parsing.
Iterate from raw findings to decisions
A good sarif-parsing guide workflow is: first extract and normalize findings, then aggregate, then decide what to ignore or escalate. If the first output is too noisy, narrow by level, ruleId, directory, or tool run before asking for a final report. This produces clearer signal than trying to solve triage in one pass.
Watch for common SARIF pitfalls
The main traps are missing locations, multiple runs in one file, duplicated results across tools, and file URIs that need normalization before matching. If your output looks incomplete, ask the skill to account for all runs and to preserve raw fields alongside normalized ones.