What Changed

The ASIM parser validation skill (.github/skills/asim-parser-validator/) has been updated to change how the ASimSchemaTester function is obtained during CI validation runs. Instead of defining a large inline KQL function with hardcoded schema validation logic, the validator now:

  1. Downloads the YAML definition from the Azure-Sentinel repository master branch
  2. Extracts the ParserQuery value from the YAML content
  3. Uses that extracted KQL as the ASimSchemaTester function body
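
Steps 2 and 3 above, as an added example that is not part of the change or the Azure-Sentinel repository's own code: it extracts ParserQuery from already-downloaded YAML bytes using only the standard library. It first checks the bytes against a pinned SHA-256, which is an assumption of this example and not something the change describes. The sample YAML, its keys other than ParserQuery, and the names extract_parser_query and PINNED_SHA256 are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample standing in for the downloaded YAML definition (not the real file).
SAMPLE_YAML = b"""\
ParserName: ASimSchemaTester
ParserQuery: |
  let T = (Schema: string) {
      print Schema
      | extend Result = "ok"
  };
  T(Schema)
Version: '0.1.0'
"""

# Assumption: CI keeps a reviewed digest as a literal; derived from the sample here so the block runs offline.
PINNED_SHA256 = hashlib.sha256(SAMPLE_YAML).hexdigest()


def extract_parser_query(raw: bytes, pinned_sha256: str) -> str:
    """Return the ParserQuery block scalar, refusing content that does not match the pin."""
    digest = hashlib.sha256(raw).hexdigest()
    if not hmac.compare_digest(digest, pinned_sha256):
        raise ValueError("YAML digest mismatch: " + digest)
    lines = raw.decode("utf-8").splitlines()
    for i, line in enumerate(lines):
        if line.startswith("ParserQuery:"):  # top-level key only
            body = lines[i + 1:]
            break
    else:
        raise ValueError("no top-level ParserQuery key")
    # Only the literal block scalar form ("|", "|-", "|+") is handled.
    if not line.split(":", 1)[1].strip().startswith("|"):
        raise ValueError("ParserQuery is not a literal block scalar")
    block = []
    for text in body:
        if text.strip() and not text.startswith(" "):
            break  # the next top-level key ends the block
        block.append(text)
    nonblank = [t for t in block if t.strip()]
    if not nonblank:
        raise ValueError("ParserQuery is empty")
    indent = min(len(t) - len(t.lstrip(" ")) for t in nonblank)
    return "\n".join(t[indent:] for t in block).strip("\n")
```

A digest mismatch or a missing ParserQuery raises ValueError, so the validation run stops before any extracted text is used as the function body.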

The CODEOWNERS file was also updated to include additional reviewer groups for the .github/skills/ directory.

Security Impact

This is an infrastructure maintenance change that improves the maintainability of ASIM parser validation tooling. The change moves from a static, potentially stale inline function definition to a dynamic download pattern that ensures the validator always uses the current schema testing logic.

Data Fidelity Risk: None. This change affects the validation tooling infrastructure, not the parsers themselves or their output. ASIM parsers continue to function identically; only the CI validation process has been updated.

Operational Impact: Parser contributors will now have validation run against the most current schema testing logic rather than a potentially outdated inline copy.

Affected Files

.github/skills/asim-parser-validator/SKILL.md
CODEOWNERS