/security-ownership-map (Official)

Map maintainers, bus factor, and sensitive code ownership from git history for security risk analysis.

Security Git Analysis Risk · 2 min read

Quick import: Download the .md file and save it to .claude/commands/ (Claude Code), .cursorrules (Cursor), or paste as a system prompt in ChatGPT, Gemini, or any LLM API.

#What it does

The security-ownership-map skill analyzes git repositories to build a security ownership topology (people-to-file mapping), computes bus factor and sensitive-code ownership, and exports CSV/JSON artifacts for graph databases and visualization. It also builds a file co-change graph using Jaccard similarity to cluster files by how they move together.
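The two measures named above, worked on a small constructed history. This is an added example, not the skill's own code; the commit data, the `auth/` and `crypto/` sensitivity prefixes, and the "more than half of touches" bus-factor definition are assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample history: (author, files touched in one commit).
COMMITS = [
    ("alice", ["auth/login.py", "auth/session.py"]),
    ("alice", ["auth/login.py", "auth/session.py", "README.md"]),
    ("alice", ["auth/login.py"]),
    ("bob", ["api/views.py", "README.md"]),
    ("carol", ["api/views.py", "auth/session.py"]),
    ("bob", ["api/views.py"]),
]
SENSITIVE_PREFIXES = ("auth/", "crypto/")  # assumed rule, not the skill's defaults

def touches_by_file(commits):
    """Map file -> {author: number of commits touching that file}."""
    out = defaultdict(lambda: defaultdict(int))
    for author, files in commits:
        for path in set(files):
            out[path][author] += 1
    return out

def bus_factor(author_counts, coverage=0.5):
    """Fewest authors who together made more than `coverage` of the touches."""
    total = sum(author_counts.values())
    covered = 0
    for n, count in enumerate(sorted(author_counts.values(), reverse=True), 1):
        covered += count
        if covered / total > coverage:
            return n
    return len(author_counts)

def sensitive_single_owner(commits):
    """Sensitive files whose history is dominated by one person."""
    return sorted(path for path, counts in touches_by_file(commits).items()
                  if path.startswith(SENSITIVE_PREFIXES) and bus_factor(counts) == 1)

def cochange_jaccard(commits):
    """Map (file_a, file_b) -> |commits with both| / |commits with either|."""
    seen = defaultdict(set)
    for idx, (_, files) in enumerate(commits):
        for path in files:
            seen[path].add(idx)
    edges = {}
    for a, b in combinations(sorted(seen), 2):
        both = len(seen[a] & seen[b])
        if both:  # files never committed together get no edge
            edges[(a, b)] = both / len(seen[a] | seen[b])
    return edges
```

On this sample both `auth/` files come back as single-owner, and the strongest co-change edge links them to each other, which is the kind of cluster the graph export is meant to surface.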

#How to use

bash
$security-ownership-map
Build a security ownership map for this repository and identify bus-factor risks in sensitive code.

#Workflow

  1. Scope the repo -- Define time window with optional --since/--until
  2. Set sensitivity rules -- Use defaults or provide a CSV config for custom rules
  3. Build the ownership map -- Run scripts/run_ownership_map.py with co-change analysis
  4. Analyze communities -- Community detection computed by default
  5. Query outputs -- Use scripts/query_ownership.py for bounded JSON slices
  6. Visualize -- Export to Neo4j or Gephi for graph visualization

#What it identifies

  • Bus factor risks -- Code areas with a single maintainer
  • Orphaned sensitive code -- Security-critical files with no active maintainer
  • Ownership clusters -- Groups of files that change together
  • CODEOWNERS gaps -- Reality checks against declared ownership
  • Sensitive hotspots -- High-churn files in security-sensitive areas

#Requirements

  • Python 3
  • networkx package (pip install networkx)

This skill is from the OpenAI Skills Catalog.
