
Variant Analysis

Skill Active

Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue.

Purpose

To systematically find variants of known vulnerabilities and bugs across codebases, aiding security audits and query development.

Features

  • Pattern-based analysis for vulnerability variants
  • Iterative generalization process
  • Guidance on false positive management
  • Tool selection for different analysis needs
  • Methodology for root cause analysis

Use cases

  • Hunting bug variants after finding an initial issue
  • Building or refining security query patterns (CodeQL/Semgrep)
  • Performing systematic code audits
  • Analyzing security vulnerabilities

Non-goals

  • Initial vulnerability discovery without a known pattern
  • General code review without a specific pattern
  • Writing fix recommendations
  • Deep comprehension of unfamiliar code without prior analysis

Trust

  • Issues attention: In the last 90 days, 13 issues were opened and 4 were closed, indicating a closure rate below 50% and potentially slow maintainer response.

Installation

Add the marketplace first

/plugin marketplace add trailofbits/skills
/plugin install variant-analysis@trailofbits

Quality score

75/100
Analyzed about 11 hours ago

Trust signals

Last commit: 3 days ago
Stars: 5.2k
License: CC-BY-SA-4.0

Similar extensions

Semgrep Rule Creator

100

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

Skill
trailofbits

CodeQL Static Analysis

99

Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality + security-experimental suites) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.

Skill
trailofbits

Semgrep

75

Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes — "run all" (full ruleset coverage) and "important only" (high-confidence security vulnerabilities). Automatically detects and uses Semgrep Pro for cross-file taint analysis when available. Use when asked to scan code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform static analysis. Spawns parallel workers for multi-language codebases.

Skill
trailofbits

Janitor Usage

100

Shows which skills you use and which you never use.

Skill
khendzel

Secrets Management

100

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

Skill
wshobson

Safe Mode

100

Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.

Skill
rohitg00