static-analysis
Static analysis toolkit with CodeQL, Semgrep, and SARIF
Setup & Installation
npx skills add https://github.com/trailofbits/skills --skill static-analysis
Overview
What This Skill Does
Static analysis toolkit combining CodeQL, Semgrep, and SARIF parsing for security vulnerability detection. Covers taint tracking, data flow analysis, and pattern-based scanning across Python, JavaScript, Go, Java, C/C++, and more. Based on the Trail of Bits Testing Handbook.
Documentation
Static Analysis
A comprehensive static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection.
The CodeQL and Semgrep skills are based on the Trail of Bits Testing Handbook.
Authors: Axel Mierczuk & Paweł Płatek
Skills Included
| Skill | Purpose |
|---|---|
| codeql | Deep security analysis with taint tracking and data flow |
| semgrep | Fast pattern-based security scanning |
| sarif-parsing | Parse and process results from static analysis tools |
When to Use
Use this plugin when you need to:
- Perform security vulnerability detection on codebases
- Run CodeQL for interprocedural taint tracking and data flow analysis
- Use Semgrep for fast pattern-based bug detection