developer security user risk: medium
GHAS Alerts and Repo Vulnerability Analyzer
Analyzes code scanning security issues, vulnerable dependency updates, and GHAS alerts across repositories. Identifies root causes between dependencies and base images, detects rep…
- Policy sensitive
- Human review
PROMPT
this is for repo Analyze code scanning security issues and dependency updates if vulnerable Analyze GHAS alerts across repositories Identify dependency vs base image root causes Detect repeated vulnerability patterns Prioritize remediation based on severity and exposure
REQUIRED CONTEXT
- code scanning security issues
- GHAS alerts
- repositories
ROLES & RULES
- Analyze code scanning security issues and dependency updates if vulnerable
- Analyze GHAS alerts across repositories
- Identify dependency vs base image root causes
- Detect repeated vulnerability patterns
- Prioritize remediation based on severity and exposure
EXPECTED OUTPUT
- Format: structured_report
SUCCESS CRITERIA
- Analyze code scanning security issues and dependency updates if vulnerable
- Analyze GHAS alerts across repositories
- Identify dependency vs base image root causes
- Detect repeated vulnerability patterns
- Prioritize remediation based on severity and exposure
FAILURE MODES
- Lacks specific repository data or GHAS alerts to analyze
- Vague scope without input context
- May misinterpret 'repo' without provided details
CAVEATS
- Dependencies
  - Repository code scanning data
  - GHAS alerts across repositories
  - Dependency and base image vulnerability information
- Missing context
  - Specific repositories or list of repositories to analyze.
  - Access method or tools for GHAS alerts.
  - Desired output format (e.g., report, table).
  - Criteria details for prioritization (e.g., CVSS scores, exposure metrics).
- Ambiguities
  - 'this is for repo' unclear if single repo or multiple, and which one.
  - 'dependency updates if vulnerable' ambiguous phrasing.
  - 'GHAS alerts' assumes prior knowledge without definition.
  - No specified output format or structure.
QUALITY
- OVERALL: 0.40
- CLARITY: 0.50
- SPECIFICITY: 0.30
- REUSABILITY: 0.40
- COMPLETENESS: 0.30
IMPROVEMENT SUGGESTIONS
- Add input placeholder: 'Given repositories: [REPO_LIST]'
- Structure as a bulleted or numbered list with full sentences for each task.
- Specify output: 'Output a markdown report with sections for each analysis, ending with a prioritized remediation list.'
- Define acronyms: 'GHAS (GitHub Advanced Security)' and provide examples.
USAGE
Copy the prompt above and paste it into your AI of choice — Claude, ChatGPT, Gemini, or anywhere else you're working. Replace any placeholder sections with your own context, then ask for the output.