name: Static Analysis Tools Skill description: Integration with security-focused static analysis tools allowed-tools:
- Bash
- Read
- Write
- Edit
- Glob
- Grep
Static Analysis Tools Skill
Overview
This skill provides integration with security-focused static analysis tools for comprehensive code security analysis.
Capabilities
- Execute Semgrep rules and custom patterns
- Run CodeQL queries for vulnerability detection
- Execute Bandit (Python), Brakeman (Ruby), etc.
- Parse and interpret static analysis results
- Generate custom detection rules
- Aggregate findings across tools
- Map findings to CWE/CVE identifiers
- Support SAST pipeline integration
Target Processes
- static-code-analysis.js
- variant-analysis.js
- web-app-vuln-research.js
- api-security-research.js
Dependencies
- Semgrep CLI
- CodeQL CLI and databases
- Language-specific analyzers:
- Bandit (Python)
- Brakeman (Ruby)
- gosec (Go)
- SpotBugs (Java)
- Python for result aggregation
Usage Context
This skill is essential for:
- Security code review automation
- Vulnerability pattern detection
- Custom security rule development
- CI/CD security gate integration
- Variant analysis across codebases
Integration Notes
- Supports multiple output formats (SARIF, JSON, custom)
- Can run incrementally on changed files
- Integrates with IDE and CI/CD workflows
- Custom rules can be version controlled
- Results can be deduplicated and triaged