security-ownership-map

# Security Ownership Map ## Overview Build a bipartite graph of people and files from git history, then compute ownership risk and export graph artifacts for Neo4j/Gephi. Also build a file co-change graph (Jaccard similarity on shared commits) to cluster files by how they move together while ignoring large, noisy commits. ## Requirements - Python 3 - `networkx` (required; community detection is enabled by default) Install with: ```bash pip install networkx ``` ## Workflow 1. Scope the repo and time window (optional `--since/--until`). 2. Decide sensitivity rules (use defaults or provide a CSV config). 3. Build the ownership map with `scripts/run_ownership_map.py` (co-change graph is on by default; use `--cochange-max-files` to ignore supernode commits). 4. Communities are computed by default; graphml output is optional (`--graphml`). 5. Query the outputs with `scripts/query_ownership.py` for bounded JSON slices. 6. Persist and visualize (see `references/neo4j-import.md`). By default, the co-change graph ignores common “glue” files (lockfiles, `.github/*`, editor config) so clusters reflect actual code movement instead of shared infra edits. Override with `--cochange-exclude` or `--no-default-cochange-excludes`. Dependabot commits are excluded by default; override with `--no-default-author-excludes` or add patterns via `--author-exclude-regex`. If you want to exclude Linux build glue like `Kbuild` from co-change clustering, pass: ```bash python skills/skills/securit...