Reorganize additional skills directory and add memory-safe migration skill#49
Merged
santosomar merged 4 commits intomainfrom Apr 15, 2026
Merged
Conversation
…skill Move OWASP reference skills from sources/owasp/ to sources/additional-skills/owasp/ to establish a cleaner directory structure for additional skills. Add the new memory-safe language migration skill under sources/additional-skills/memory-safe-migration/ with SKILL.md, reference documents (language selection, FFI security, migration patterns, assessment checklist), and a static analysis assessment script. Closes #46, closes #47, closes #48 Made-with: Cursor
santosomar
requested review from
aacarter1,
ramraaj25,
shrey-bagga and
thomas-bartlett
santosomar
added
documentation
There was a problem hiding this comment.
Pull request overview
This pull request restructures CodeGuard’s non-core rule sources by moving the OWASP reference set under a new sources/additional-skills/ namespace and adds a new “memory-safe migration” skill (docs + static analysis script) to guide migrations from C/C++ to memory-safe languages.
Changes:
- Relocate OWASP supplementary rules into
sources/additional-skills/owasp/(path reorg for extensibility). - Add
sources/additional-skills/memory-safe-migration/skill content (SKILL + references + assessment script). - Introduce a Python-based static assessment tool to prioritize C/C++ migration targets.
Reviewed changes
Copilot reviewed 6 out of 92 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| sources/additional-skills/owasp/codeguard-0-ajax-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-attack-surface-analysis.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-authentication.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-authorization-testing-automation.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-authorization.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-bean-validation.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-browser-extension-vulnerabilities.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-c-based-toolchain-hardening.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-choosing-and-using-security-questions.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-ci-cd-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-clickjacking-defense.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-content-security-policy.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-cookie-theft-mitigation.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-credential-stuffing-prevention.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-cross-site-request-forgery-prevention.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-cross-site-scripting-prevention.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-cryptographic-storage.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-cw-cryptographic-security-guidelines.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-cw-memory-string-usage-guidelines.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-database-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-deserialization.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-django-rest-framework.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-django-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-docker-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-dom-based-xss-prevention.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-dom-clobbering-prevention.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-dotnet-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-error-handling.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-file-upload.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-forgot-password.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-graphql.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-html5-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-http-headers.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-http-strict-transport-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-injection-prevention.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-input-validation.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-insecure-direct-object-reference-prevention.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-jaas.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-java-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-json-web-token-for-java.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-key-management.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-kubernetes-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-laravel.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-ldap-injection-prevention.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-legacy-application-management.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-logging-vocabulary.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-mass-assignment.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-microservices-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-mobile-application-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-multifactor-authentication.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-network-segmentation.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-nodejs-docker.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-nodejs-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-npm-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-oauth2.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-open-redirect.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-os-command-injection-defense.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-password-storage.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-php-configuration.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-pinning.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-prototype-pollution-prevention.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-query-parameterization.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-rest-assessment.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-rest-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-ruby-on-rails.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-safe-c-functions.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-saml-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-securing-cascading-style-sheets.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-server-side-request-forgery-prevention.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-session-management.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-sql-injection-prevention.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-symfony.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-third-party-javascript-management.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-threat-modeling.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-transaction-authorization.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-transport-layer-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-unvalidated-redirects-and-forwards.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-user-privacy-protection.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-virtual-patching.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-vulnerable-dependency-management.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-web-service-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-xml-external-entity-prevention.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-xml-security.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-xs-leaks.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-xss-filter-evasion.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/owasp/codeguard-0-zero-trust-architecture.md | Relocated OWASP supplementary rule under additional-skills/owasp. |
| sources/additional-skills/memory-safe-migration/SKILL.md | New Agent Skill: memory-safe migration guidance and workflow. |
| sources/additional-skills/memory-safe-migration/references/assessment-checklist.md | New reference: migration priority/feasibility checklist. |
| sources/additional-skills/memory-safe-migration/references/ffi-security.md | New reference: secure FFI boundary rules and examples. |
| sources/additional-skills/memory-safe-migration/references/language-selection.md | New reference: decision matrix for choosing a memory-safe target language. |
| sources/additional-skills/memory-safe-migration/references/migration-patterns.md | New reference: common migration patterns with side-by-side examples. |
| sources/additional-skills/memory-safe-migration/scripts/assess-migration.py | New tool: static analysis-style heuristic scoring for C/C++ migration prioritization. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
|
One compatibility concern with the OWASP reorg: this PR moves the supplementary rules from I noticed this in the CLI help and docs (for example Since The practical impact is that downstream users or CI jobs following the documented command may either fail their builds or unintentionally stop including the OWASP supplementary bundle. Should we add either:
Either option would make the transition much smoother for existing users. The directory cleanup itself makes sense; this just looks like the migration path needs one more step. |
Contributor
Author
|
Great point and suggestion @shrey-bagga ! please feel free to modify as neeed |
Existing users and CI jobs using `--source core owasp` will continue to work after the sources/owasp → sources/additional-skills/owasp move. The alias prints an informational note and resolves transparently. Made-with: Cursor
ramraaj25
force-pushed
the
feat/additional-skills-and-memory-safe-migration
branch
from
30cefb1 to
43de01f
Compare
Contributor
|
@santosomar I have updated the PR with necessary changes as suggested by @shrey-bagga. |
ramraaj25
approved these changes
Apr 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
sources/owasp/→sources/additional-skills/owasp/) to establish a cleaner, extensible structure for additional skills beyond the core bundled rules (Organize reference skills/rules #47)sources/additional-skills/memory-safe-migration/with a complete SKILL.md following the Agent Skills open standard, four reference documents (language selection, FFI security, migration patterns, assessment checklist), and a Python static analysis assessment script (Proposed new reference skill: Memory-safe language migration #46, Add memory-safe language migration skill to/sources/additional-skills#48)New files
Motivation
Memory safety vulnerabilities account for 60–70% of critical CVEs in major software projects. This skill guides AI coding agents to default to memory-safe languages for new code and provides structured migration guidance aligned with CISA/NSA memory safety recommendations.
Closes #46, closes #47, closes #48
Test plan
sources/additional-skills/owasp/with no content changesSKILL.mdfollows the Agent Skills open standard format with valid YAML frontmatterassess-migration.pyruns without errors (python3 scripts/assess-migration.py --help)