Skills / Engineering / SARIF Results Parser

SARIF Results Parser

Parse, filter, deduplicate, and convert SARIF output from CodeQL, Semgrep, and other scanners. Aggregate findings across tools and wire results into CI/CD without re-running the scans themselves.

Static analysis tools all speak SARIF but each dumps noisy, overlapping results. This skill reads SARIF files, deduplicates alerts across tools, filters by severity or rule, converts to other formats, and produces clean summaries you can gate a pipeline on.

security sarif static-analysis ci-cd triage

When to use

Use after running CodeQL or Semgrep to merge and deduplicate findings, filter false positives, or convert SARIF into a digestible report for code review and CI gates.

Examples

Merge scanner output

Combine and dedupe CodeQL and Semgrep findings

Parse these two SARIF files and produce a single deduplicated list of high-severity findings

Gate a pipeline

Fail CI on new critical alerts

Filter this SARIF to only new critical findings so we can fail the build on them
Added to wishlist