From microshift-dev
Check if a MicroShift CVE Jira ticket is fixed in the latest Brew nightly golang build
```bash
/microshift-dev:golang-cve-analyzer <jira-id> [--verbose]
```

Validates that a Jira ticket is a CVE bug with MicroShift component, extracts the target OCP minor version, and checks whether the CVE is already fixed in the Go toolchain used by the latest MicroShift nightly Brew build.

| Requirement | Needed for | Mandatory? |
|---|---|---|
| VPN | Brew API access | Yes |
| Jira MCP (mcp-atlassian) | Fetching ticket details | Yes |
| JIRA_USERNAME / JIRA_API_TOKEN | Jira MCP authentication | Yes |

`$ARGUMENTS` (required): A Jira issue key (e.g., `OCPBUGS-12345`) and optional `--verbose` flag.

All scripts are run relative to the plugin directory:

```bash
SCRIPTS_DIR=${PLUGIN_DIR}/scripts
```

- `[A-Z]+-\d+` pattern
- `--verbose` flag

If the `mcp__mcp-atlassian__jira_get_issue` tool is not available, stop and show:
```
The mcp-atlassian MCP is required but not enabled in this session.
To enable it, install the mcp-atlassian plugin:
/plugin marketplace add openshift-eng/edge-tooling
Select `mcp-atlassian` when prompted. Ensure JIRA_USERNAME and JIRA_API_TOKEN are set.
Then restart Claude Code and re-run the command.
```

Otherwise, fetch the ticket:
```
mcp__mcp-atlassian__jira_get_issue(
    issue_key="<jira-id>",
    fields="summary,status,components,versions,fixVersions,labels,description,issuetype"
)
```

Perform these checks on the returned ticket. If any check fails, report the failure and stop.

MicroShift component check: At least one entry in `components` must contain "MicroShift" (case-insensitive). If not:

```
FAILED: Not a MicroShift ticket. Components: <list of components or "none">
```

CVE check: The ticket summary or description must contain at least one CVE ID (pattern `CVE-YYYY-NNNNN`). Extract all CVE IDs found. If none:

```
FAILED: No CVE ID found in summary or description
```

If both checks pass, display:
```
Ticket : <KEY> - <summary>
Status : <status>
CVEs : <comma-separated CVE IDs>
```

Determine the X.Y minor version from the ticket, checking in this order:
1. `fixVersions` — look for a version matching `4.\d+` pattern
2. `versions` (affected versions) — same pattern
3. `summary` — extract `4.\d+` from the title

If no version can be determined:

```
FAILED: Could not determine X.Y version from ticket fields
```

Run the brew_golang_cves.py script with the extracted version:
```bash
python3 "${SCRIPTS_DIR}/brew_golang_cves.py" <X.Y> --json
```

If the script exits non-zero, display stderr and suggest:
Parse the JSON output to get:
- `microshift_build.nvr` — the MicroShift nightly build NVR
- `golang.nvr` — the golang version used
- `cves` — list of all CVEs fixed in that golang version

Compare the CVE IDs from the Jira ticket (Step 3) against the CVEs from the golang changelog (Step 5).
For each CVE from the ticket, check if it appears in the golang CVE list.
Display the result in this format:
```
Ticket : <KEY> - <summary>
Status : <status>
CVEs : <CVE-IDs from ticket>
Version : <X.Y>
MicroShift build : <microshift NVR>
Golang version : <golang NVR>
OK CVE-YYYY-NNNNN (fixed <date>, release <golang-release>)
MISSING CVE-YYYY-NNNNN
```

- `OK` means the CVE is present in the golang changelog (already fixed)
- `MISSING` means the CVE is NOT in the golang changelog (not yet fixed in this golang version)

If `--verbose` was passed, also list all CVEs fixed in the golang version:

```
All CVEs in golang <golang-nvr>:
<date> <CVE-ID>
<date> <CVE-ID>
...
```

End with a one-line summary:
- `All CVEs from <KEY> are fixed in golang <golang-nvr>.`
- `<N> of <total> CVEs from <KEY> are NOT fixed in golang <golang-nvr>.`

Do NOT add any additional commentary or explanation beyond this.

```bash
/microshift-dev:golang-cve-analyzer OCPBUGS-12345
/microshift-dev:golang-cve-analyzer OCPBUGS-12345 --verbose
```

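The ticket checks, version precedence and OK/MISSING comparison from the steps above, as an added Python example (not the plugin's own code). The ticket dictionary layout and the `cve`, `date` and `release` keys of each `cves` entry are assumptions; the sample IDs and NVRs are constructed placeholders.

```python
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)
VER_RE = re.compile(r"(?<![\d.])4\.\d+")  # the page's 4.\d+ pattern, dot escaped

def parse_ticket(ticket):
    """Run the component, CVE and version checks; return (cve_ids, "X.Y")."""
    comps = ticket.get("components") or []
    if not any("microshift" in c.lower() for c in comps):
        raise ValueError("FAILED: Not a MicroShift ticket. Components: "
                         + (", ".join(comps) or "none"))
    text = f"{ticket.get('summary') or ''}\n{ticket.get('description') or ''}"
    cves = sorted({c.upper() for c in CVE_RE.findall(text)})
    if not cves:
        raise ValueError("FAILED: No CVE ID found in summary or description")
    # Precedence from the page: fixVersions, then versions, then summary.
    fields = [*(ticket.get("fixVersions") or []),
              *(ticket.get("versions") or []),
              ticket.get("summary") or ""]
    version = next((m.group() for m in map(VER_RE.search, fields) if m), None)
    if version is None:
        raise ValueError("FAILED: Could not determine X.Y version from ticket fields")
    return cves, version

def compare(ticket_cves, brew):
    """Label each ticket CVE OK or MISSING against the golang CVE list."""
    fixed = {e["cve"].upper(): e for e in brew["cves"]}  # assumed entry keys
    rows = []
    for cve in ticket_cves:
        e = fixed.get(cve)
        rows.append(f"OK       {cve} (fixed {e['date']}, release {e['release']})"
                    if e else f"MISSING  {cve}")
    return rows

# Constructed sample data (placeholder IDs and NVRs, not real builds).
TICKET = {
    "summary": "CVE-2099-10001 microshift: golang flaw [openshift-4.18]",
    "description": "Also tracks cve-2099-10002.",
    "components": ["MicroShift"],
    "fixVersions": [],
    "versions": ["4.18.z"],
}
BREW = {
    "microshift_build": {"nvr": "microshift-PLACEHOLDER"},
    "golang": {"nvr": "golang-PLACEHOLDER"},
    "cves": [{"cve": "CVE-2099-10001", "date": "2099-01-01", "release": "1.el9"}],
}

if __name__ == "__main__":
    ids, ver = parse_ticket(TICKET)
    print(f"Version : {ver}", *compare(ids, BREW), sep="\n")
```
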

```bash
npx claudepluginhub openshift-eng/edge-tooling --plugin microshift-dev
```