CodeQL Static Analysis
Skill Verified ActiveScans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality + security-experimental suites) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.
To enable users to conduct in-depth security vulnerability scans on codebases using CodeQL's powerful static analysis capabilities.
Features
- CodeQL database creation and management
- Data extension modeling for custom APIs
- Security analysis with taint tracking
- Support for multiple programming languages
- Processing of CodeQL SARIF output
Use Cases
- Scanning codebases for security vulnerabilities using deep data flow analysis
- Performing comprehensive security audits with multiple query packs
- Building CodeQL databases from source code, including for compiled languages
- Finding complex vulnerabilities that require interprocedural taint tracking
Non-Goals
- Writing custom CodeQL queries (use a dedicated query development skill)
- Direct CI/CD integration (refer to GitHub Actions documentation)
- Quick pattern searches (use Semgrep or grep for speed)
- Lightweight analysis of single files (Semgrep is faster for simple pattern matching)
Workflow
- Discover or resolve output directory
- Build CodeQL database
- Create data extensions (if applicable)
- Run CodeQL analysis with selected query suites
- Process and filter SARIF results
Practices
- Code quality assessment
- Security analysis
- Data flow analysis
- Build system integration
Prerequisites
- CodeQL CLI installed and available on PATH
- Sufficient disk space for database and analysis artifacts
- Appropriate build tools for the target language (if building a database for compiled languages)
Installation
First, add the marketplace
/plugin marketplace add trailofbits/skills/plugin install static-analysis@trailofbitsQuality Score
VerifiedTrust Signals
Similar Extensions
Semgrep Rule Creator
100Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Fp Check
98Systematically verifies suspected security bugs to eliminate false positives. Produces TRUE POSITIVE or FALSE POSITIVE verdicts with documented evidence for each bug.
Constant Time Analysis
98Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets, secret-dependent branches, or constant-time programming questions in C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, or Ruby.
Variant Analysis
75Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue.
Semgrep
75Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes — "run all" (full ruleset coverage) and "important only" (high-confidence security vulnerabilities). Automatically detects and uses Semgrep Pro for cross-file taint analysis when available. Use when asked to scan code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform static analysis. Spawns parallel workers for multi-language codebases.
Janitor Usage
100Show which skills you use and which you never use