Coverage Analysis
Skill AktivCoverage analysis measures code exercised during fuzzing. Use when assessing harness effectiveness or identifying fuzzing blockers.
To enable users to effectively measure and improve the code coverage achieved by their fuzzing efforts, leading to more robust and comprehensive security testing.
Funktionen
- Coverage instrumentation for C/C++ (LLVM/GCC) and Rust
- Step-by-step guide for corpus execution and profile data generation
- Detailed instructions for generating text and HTML coverage reports
- Analysis guidance for identifying uncovered code, magic values, and regressions
- Troubleshooting for common coverage analysis issues
Anwendungsfälle
- Establishing a baseline coverage for a new fuzzing campaign
- Assessing the effectiveness of harness modifications
- Investigating coverage plateaus during fuzzing
- Identifying code paths missed by fuzzers
Nicht-Ziele
- Performing the fuzzing itself
- Writing fuzz harnesses
- Analyzing non-coverage related security vulnerabilities
- Providing real-time fuzzer statistics
Trust
- warning:Issues AttentionIn the last 90 days, 13 issues were opened and 4 were closed, indicating a low closure rate (24%) and potentially slow maintainer response.
Installation
Zuerst Marketplace hinzufügen
/plugin marketplace add trailofbits/skills/plugin install testing-handbook-skills@trailofbitsQualitätspunktzahl
Vertrauenssignale
Ähnliche Erweiterungen
Semgrep Rule Creator
100Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Safe Mode
100Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.
Fixflow
100Führen Sie Codierungsaufgaben mit einem strengen Liefer-Workflow aus: Erstellen Sie einen vollständigen Plan, implementieren Sie Schritt für Schritt, führen Sie kontinuierlich Tests durch und committen Sie standardmäßig nach jedem Schritt (`per_step`). Unterstützt explizite Commit-Policy-Überschreibungen (`final_only`, `milestone`) und optional BDD (Given/When/Then), wenn Benutzer verhaltensgesteuerte Bereitstellung anfordern oder Anforderungen unklar sind.
Definition Of Done
100Mandatory checks to run before completing any task that touches md files or dart code in this repository.
Ship Gate
100Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.
Senior Backend Engineer
100Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.