
Static Analysis

Plugin (Active)
Part of: Trailofbits

Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection

3 Skills · 0 MCPs
Purpose

To provide a robust toolkit for developers and security teams to detect vulnerabilities and analyze code quality through static analysis.

Features

  • CodeQL database creation and analysis
  • Semgrep scanning with language detection
  • SARIF file parsing and processing
  • Security vulnerability detection
  • Support for multiple programming languages

Use Cases

  • Perform security audits on codebases
  • Detect vulnerabilities before code review
  • Aggregate and deduplicate security findings
  • Integrate static analysis into CI/CD pipelines

Non-Goals

  • Writing custom CodeQL or Semgrep rules
  • Performing binary analysis
  • Replacing existing CI/CD Semgrep configurations
  • Running static analysis without SARIF output

Trust

  • Warning (Issues Attention): 13 issues opened and 4 closed in the last 90 days indicates a low closure rate (approx. 24%), suggesting maintainers may respond slowly to issues.

Installation

First, add the marketplace, then install the plugin:

/plugin marketplace add trailofbits/skills
/plugin install static-analysis@trailofbits

Quality Score

93 /100
Analyzed about 11 hours ago

Trust Signals

Last commit: 3 days ago
Stars: 5.2k
License: CC-BY-SA-4.0

Similar Extensions

Variant Analysis

79

Find similar vulnerabilities and bugs across codebases using pattern-based analysis

Plugin
trailofbits

Semgrep Rule Creator

79

Create custom Semgrep rules for detecting bug patterns and security vulnerabilities

Plugin
trailofbits

Trailmark Plugin

96

Builds multi-language source code graphs for security analysis: call graphs, attack surface mapping, blast radius, taint propagation, complexity hotspots, and entry point enumeration. Generates Mermaid diagrams (call graphs, class hierarchies, dependency maps, heatmaps). Compares code graph snapshots for structural diff and evolution analysis. Runs graph-informed mutation testing triage (genotoxic). Generates mutation-driven test vectors (vector-forge). Extracts crypto protocol message flows and converts Mermaid diagrams to ProVerif models. Projects SARIF and weAudit findings onto code graphs. Use when analyzing call paths, mapping attack surface, visualizing code architecture, triaging survived mutants, generating cryptographic test vectors, diagramming crypto protocols, formally verifying protocols, or augmenting audits with static analysis findings.

Plugin
trailofbits

Semgrep Rule Variant Creator

94

Creates language variants of existing Semgrep rules with proper applicability analysis and test-driven validation

Plugin
trailofbits

C Review

75

Comprehensive C/C++ security code review with specialized bug-finding agents covering memory safety, type safety, concurrency, and Linux/Windows userspace-specific issues

Plugin
trailofbits

© 2025 SkillRepo · Find the right skill, skip the noise.