security-ownership-map

🏢 Official
by openai · v1.0.0 · MIT

Analyze git repositories to build a security ownership topology (people-to-file), compute bus factor and sensitive-code ownership, and export CSV/JSON for graph databases and visualization. Trigger on

About This Skill

What it does

This skill analyzes Git repositories to determine the individuals responsible for specific files within them. It calculates the "bus factor," representing the number of people who own critical code, and identifies owners of potentially sensitive code sections. The results can be exported in CSV or JSON formats, making them suitable for integration with graph databases and visualization tools.
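
A sketch of the people-to-file mapping and bus-factor calculation described above, as an added example that is not the skill's own code. It assumes ownership is measured by commits touching a file, that bus factor is the smallest number of authors accounting for more than half of those commits, and that the `SENSITIVE` patterns and function names are hypothetical.

```python
from collections import Counter, defaultdict
from fnmatch import fnmatch

# Constructed sample shaped like `git log --name-only --format='>>%ae'` output.
SAMPLE_LOG = """\
>>alice@example.com
auth/token.py
api/routes.py
>>alice@example.com
auth/token.py
>>bob@example.com
api/routes.py
config/secrets.yaml
>>carol@example.com
api/routes.py
auth/token.py
config/secrets.yaml
"""
SENSITIVE = ("auth/*", "*secret*", "*.pem")  # assumed patterns, not the skill's list

def parse_log(text):
    """Return {path: Counter({author: commits touching that path})}."""
    touches, author = defaultdict(Counter), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(">>"):        # author marker line
            author = line[2:].lower()
        elif line and author:            # file path belonging to that commit
            touches[line][author] += 1
    return touches

def bus_factor(counts, threshold=0.5):
    """Smallest number of authors who made more than `threshold` of the touches."""
    total, covered = sum(counts.values()), 0
    for n, (_, commits) in enumerate(counts.most_common(), start=1):
        covered += commits
        if covered > total * threshold:
            return n
    return 0  # file with no recorded touches

def ownership_report(text):
    """One JSON-serialisable record per file, sorted by path."""
    return [{"path": path,
             "owners": dict(counts.most_common()),
             "bus_factor": bus_factor(counts),
             "sensitive": any(fnmatch(path, p) for p in SENSITIVE)}
            for path, counts in sorted(parse_log(text).items())]

def at_risk(report):
    """Sensitive files whose history is dominated by a single author."""
    return [r["path"] for r in report if r["sensitive"] and r["bus_factor"] <= 1]
```

Passing the result of `ownership_report` to `json.dumps` gives one record per file, ready to load as file nodes and owner edges in a graph database.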

When to use it

  • Security Audits: Identify potential single points of failure by determining which files have limited ownership.
  • Onboarding New Engineers: Quickly understand code ownership and dependencies when a new team member joins.
  • Risk Assessment: Evaluate the risk associated with sensitive code sections lacking clear ownership.
  • Knowledge Transfer Planning: Facilitate knowledge transfer efforts by pinpointing individuals responsible for key components.

Key capabilities

  • Analyzes Git repositories to map people to files.
  • Calculates bus factor based on file ownership.
  • Identifies owners of sensitive code.
  • Exports data in CSV and JSON formats.
  • Triggers automated analysis.

Example prompts

  • "Analyze the repository https://github.com/openai/whisper for security ownership."
  • "Generate a CSV report showing file ownership and bus factor for the llama project."
  • "Identify owners of files containing API keys in the stable-diffusion repository, export as JSON."

Tips & gotchas

  • The skill requires read access to the specified Git repository. Ensure appropriate permissions are granted before running the analysis.
  • Accuracy depends on commit history and consistent coding practices; incomplete or obscured ownership information may affect results.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: v1.0.0
  • License: MIT
  • Author: openai
  • Installs: 0

🏢 Official

Published by the company or team that built the technology.