Audit Augmentation

Projects findings from external tools (SARIF) and human auditors (weAudit) onto Trailmark code graphs as annotations and subgraphs.

When to Use

• Importing Semgrep, CodeQL, or other SARIF-producing tool results into a graph
• Importing weAudit audit annotations into a graph
• Cross-referencing static analysis findings with blast radius or taint data
• Querying which functions have high-severity findings
• Visualizing audit coverage alongside code structure

When NOT to Use

• Running static analysis tools (use semgrep/codeql directly, then import)
• Building the code graph itself (use the trailmark skill)
• Generating diagrams (use the diagramming-code skill after augmenting)