Zum Hauptinhalt springen
Dieser Inhalt ist noch nicht in Ihrer Sprache verfügbar und wird auf Englisch angezeigt.

Variant Analysis

Plugin Aktiv
Teil von:Trailofbits

Find similar vulnerabilities and bugs across codebases using pattern-based analysis

1 Skill 0 MCPs
Zweck

To systematically find and analyze similar vulnerabilities and bugs across codebases after an initial issue has been identified.

Funktionen

  • Pattern-based analysis for vulnerability variants
  • Structured five-step methodology
  • Tool selection guidance (Semgrep, CodeQL, ripgrep)
  • Ready-to-use templates for multiple languages
  • Detailed documentation on pitfalls and principles

Anwendungsfälle

  • Hunting for bug variants after finding an initial vulnerability
  • Building CodeQL or Semgrep queries from a known bug pattern
  • Performing systematic code audits across large codebases
  • Analyzing security vulnerabilities and finding similar instances

Nicht-Ziele

  • Initial vulnerability discovery
  • General code review without a known pattern
  • Writing fix recommendations
  • Understanding unfamiliar code without a prior pattern

Trust

  • warning:Issues Attention13 issues opened in the last 90 days, with 4 closed. The closure rate is approximately 23.5%, indicating slow response times for open issues.

Installation

Zuerst Marketplace hinzufügen

/plugin marketplace add trailofbits/skills
/plugin install variant-analysis@trailofbits

Enthält 1 Erweiterungen

Skill (1)

Variant Analysis Skill

Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue.

75

Qualitätspunktzahl

79 /100
Analysiert about 11 hours ago

Vertrauenssignale

Letzter Commit3 days ago
GitHub-Inhaber trailofbits (opens in new tab)
Sterne5.2k
LizenzCC-BY-SA-4.0
Status
Quellcode ansehen

Ähnliche Erweiterungen

Static Analysis

93

Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection

Plugin
trailofbits

C4 Architecture

99

Comprehensive C4 architecture documentation workflow with bottom-up code analysis, component synthesis, container mapping, and context diagram generation

Plugin
wshobson

Dimensional Analysis

99

Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol. Prevents dimensional mismatches and catches formula bugs early.

Plugin
trailofbits

Ruflo Knowledge Graph

99

Knowledge graph construction — entity extraction, relation mapping, and pathfinder graph traversal

Plugin
ruvnet

Vulnetix

98

Vulnerability intelligence and remediation skills for Claude Code — 7 skills for exploit analysis, fix proposals, scoring, exploits, and package security via the Vulnetix VDB API

Plugin
davepoon

Semgrep Rule Variant Creator

94

Creates language variants of existing Semgrep rules with proper applicability analysis and test-driven validation

Plugin
trailofbits