Ingests SARIF output from CodeQL, Semgrep, or any static analyzer; deduplicates false positives, groups by severity and type, and surfaces the real vulnerabilities worth fixing first.
Best for: Engineers triaging security scan results without drowning in duplicate alerts.
Creator's repository · trailofbits/skills
License: CC-BY-SA-4.0