A comprehensive static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection.
CodeQL and Semgrep skills are based on the Trail of Bits Testing Handbook:
Author: Axel Mierczuk
| Skill | Purpose |
|---|---|
codeql |
Deep security analysis with taint tracking and data flow |
semgrep |
Fast pattern-based security scanning |
sarif-parsing |
Parse and process results from static analysis tools |
Use this plugin when you need to:
- Perform security vulnerability detection on codebases
- Run CodeQL for interprocedural taint tracking and data flow analysis
- Use Semgrep for fast pattern-based bug detection
- Parse SARIF output from security scanners
- Set up static analysis in CI/CD pipelines
- Aggregate and deduplicate findings from multiple tools
- Create databases for Python, JavaScript, Go, Java, C/C++, and more
- Run security queries with SARIF/CSV output
- Write custom QL queries with taint tracking
- Integrate with GitHub Actions
- Quick security scans using built-in rulesets (OWASP, CWE, Trail of Bits)
- Write custom YAML rules with pattern matching
- Taint mode for tracking data flow from sources to sinks
- CI/CD integration with baseline scanning
- Understand SARIF 2.1.0 structure
- Quick analysis using jq for CLI queries
- Python scripting with pysarif and sarif-tools
- Aggregate and deduplicate results from multiple files
- CI/CD integration patterns
/plugin install trailofbits/skills/plugins/static-analysis
variant-analysis- Use CodeQL/Semgrep patterns to find bug variants