by openai
Analyze git repositories to build security ownership topology, compute bus factor for sensitive code, detect orphaned security-critical files, and export ownership graphs for visualization.
npx @qaskills/cli add security-ownership-map
Auto-detects your AI agent and installs the skill. Works with Claude Code, Cursor, Copilot, and more.
Build a bipartite graph of people and files from git history to compute ownership risk, detect orphaned security-critical code, and identify bus factor hotspots.
This skill analyzes git repositories to answer critical security ownership questions:
--since / --until parameters
python run_ownership_map.py \
--repo . \
--out ownership-map-out \
--since "12 months ago" \
--emit-commits
# Orphaned sensitive code (stale + low bus factor)
python query_ownership.py --data-dir ownership-map-out summary --section orphaned_sensitive_code
# Hidden owners for sensitive tags
python query_ownership.py --data-dir ownership-map-out summary --section hidden_owners
# Sensitive hotspots with low bus factor
python query_ownership.py --data-dir ownership-map-out summary --section bus_factor_hotspots
# Auth/crypto files with bus factor <= 1
python query_ownership.py --data-dir ownership-map-out files --tag auth --bus-factor-max 1
The analysis produces:
people.csv — Nodes: people with timezone detection
files.csv — Nodes: files with sensitivity tags
edges.csv — Edges: touch relationships
cochange_edges.csv — File-to-file co-change edges with Jaccard weight
summary.json — Security ownership findings
communities.json — Code community clusters with maintainers
Default rules flag common sensitive paths:
# pattern,tag,weight
**/auth/**,auth,1.0
**/crypto/**,crypto,1.0
**/*.pem,secrets,1.0
**/middleware/auth*,auth,1.0
**/password*,auth,0.8
Override with --sensitive-config path/to/sensitive.csv.
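As an added illustration (not the skill's own code), this Python sketch applies the default rules above to a constructed commit history, then computes a per-file bus factor, a Jaccard co-change weight and the stale, low-bus-factor sensitive files. The bus factor definition (fewest authors covering over half of a file's touches), the 365-day staleness threshold and all function names are assumptions, since the page does not say how the skill computes them.

```python
from collections import Counter
from datetime import date
from fnmatch import fnmatchcase

# Default rules listed on the page (pattern,tag,weight); weight is unused here.
RULES = [row.split(",") for row in """
**/auth/**,auth,1.0
**/crypto/**,crypto,1.0
**/*.pem,secrets,1.0
**/middleware/auth*,auth,1.0
**/password*,auth,0.8
""".split()]

# Constructed sample history: (author, commit date, files touched).
COMMITS = [
    ("alice", date(2023, 1, 10), ["src/auth/login.py", "src/auth/session.py"]),
    ("alice", date(2023, 3, 5), ["src/auth/login.py"]),
    ("bob", date(2024, 5, 1), ["src/crypto/kdf.py", "README.md"]),
    ("carol", date(2024, 5, 20), ["src/crypto/kdf.py"]),
]

def tags_for(path):
    """Tags whose glob matches; a leading '/' lets '**/' match top-level dirs."""
    return {t for p, t, _ in RULES if fnmatchcase("/" + path, p)}

def bus_factor(path, commits):
    """Assumed definition: fewest authors covering over half the touches."""
    touches = Counter(a for a, _, files in commits if path in files)
    covered = 0
    for n, (_, count) in enumerate(touches.most_common(), start=1):
        covered += count
        if covered * 2 > sum(touches.values()):
            return n
    return 0

def jaccard(a, b, commits):
    """Co-change weight: commits touching both / commits touching either."""
    ca = {i for i, c in enumerate(commits) if a in c[2]}
    cb = {i for i, c in enumerate(commits) if b in c[2]}
    return len(ca & cb) / len(ca | cb) if ca | cb else 0.0

def orphaned_sensitive(commits, today, stale_days=365, max_bus_factor=1):
    """Sensitive files untouched for stale_days with bus factor <= max."""
    last = {}
    for _, day, files in commits:
        last.update({f: max(last.get(f, day), day) for f in files})
    return sorted(f for f, day in last.items() if tags_for(f)
                  and (today - day).days > stale_days
                  and bus_factor(f, commits) <= max_bus_factor)
```

Python's fnmatch lets `*` cross `/`, so these patterns match more loosely than a strict globstar implementation would; treat the tagging here as an approximation of the rule format.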
--ignore-author-regex '(bot|dependabot)'
--window-days 90 to smooth churn effects
- name: Install QA Skills
  run: npx @qaskills/cli add security-ownership-map
10 of 29 agents supported