SARIF Results Parser
Parse, filter, deduplicate, and convert SARIF output from CodeQL, Semgrep, and other scanners. Aggregate findings across tools and wire results into CI/CD without re-running the scans themselves.
Static analysis tools all speak SARIF but each dumps noisy, overlapping results. This skill reads SARIF files, deduplicates alerts across tools, filters by severity or rule, converts to other formats, and produces clean summaries you can gate a pipeline on.
When to use
Use after running CodeQL or Semgrep to merge and deduplicate findings, filter false positives, or convert SARIF into a digestible report for code review and CI gates.
Examples
Merge scanner output
Combine and dedupe CodeQL and Semgrep findings
Parse these two SARIF files and produce a single deduplicated list of high-severity findings
Gate a pipeline
Fail CI on new critical alerts
Filter this SARIF to only new critical findings so we can fail the build on them