Loading...
Loading...
Found 3 Skills
Analyze Terraform plan JSON output for AzureRM Provider to distinguish between false-positive diffs (order-only changes in Set-type attributes) and actual resource changes. Use when reviewing terraform plan output for Azure resources like Application Gateway, Load Balancer, Firewall, Front Door, NSG, and other resources with Set-type attributes that cause spurious diffs due to internal ordering changes.
Analyze CVE vulnerabilities in Java and JavaScript components, determine false positives, and provide upgrade recommendations. Use this when users provide a CVE number and affected object, e.g., CVE-2024-38816 and spring-webmvc-5.3.39.jar. Supports false positive analysis, compatibility risk assessment, and standard report generation.
This skill should be used when the user asks to "validate a finding", "check if a vulnerability is real", "triage a security finding", "confirm a vulnerability", "determine if a finding is a true positive or false positive", or provides a security finding for review. It validates security vulnerability findings by tracing data flows, verifying exploit conditions, analyzing security controls, and optionally testing attack vectors against a live application.