Loading...
Loading...
Found 3 Skills
Analyze Terraform plan JSON output for AzureRM Provider to distinguish between false-positive diffs (order-only changes in Set-type attributes) and actual resource changes. Use when reviewing terraform plan output for Azure resources like Application Gateway, Load Balancer, Firewall, Front Door, NSG, and other resources with Set-type attributes that cause spurious diffs due to internal ordering changes.
This skill should be used when the user asks to "validate a finding", "check if a vulnerability is real", "triage a security finding", "confirm a vulnerability", "determine if a finding is a true positive or false positive", or provides a security finding for review. It validates security vulnerability findings by tracing data flows, verifying exploit conditions, analyzing security controls, and optionally testing attack vectors against a live application.
Analyze CVE vulnerabilities in Java and JavaScript components, determine false positives, and provide upgrade recommendations. Use this when users provide a CVE number and affected object, e.g., CVE-2024-38816 and spring-webmvc-5.3.39.jar. Supports false positive analysis, compatibility risk assessment, and standard report generation.