static-analysis-tools-skill

Solid

Integration with security-focused static analysis tools

Category: AI & Automation. 814 stars, 53 forks. Updated today. License: MIT.


Quality Score: 93/100

| Component | Weight | Score |
|---|---|---|
| Stars | 20% | 97 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 65 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Static Analysis Tools Skill

## Overview

This skill provides integration with security-focused static analysis tools for comprehensive code security analysis.

## Capabilities

- Execute Semgrep rules and custom patterns
- Run CodeQL queries for vulnerability detection
- Execute language-specific analyzers such as Bandit (Python), Brakeman (Ruby), gosec (Go) and SpotBugs (Java)
- Parse and interpret static analysis results
- Generate custom detection rules
- Aggregate findings across tools
- Map findings to CWE identifiers (and to CVE identifiers where a finding corresponds to a known, published vulnerability)
- Support SAST pipeline integration

## Target Processes

- static-code-analysis.js
- variant-analysis.js
- web-app-vuln-research.js
- api-security-research.js

## Dependencies

- Semgrep CLI
- CodeQL CLI and databases
- Language-specific analyzers:
  - Bandit (Python)
  - Brakeman (Ruby)
  - gosec (Go)
  - SpotBugs (Java)
- Python for result aggregation

## Usage Context

This skill is essential for:

- Security code review automation
- Vulnerability pattern detection
- Custom security rule development
- CI/CD security gate integration
- Variant analysis across codebases

## Integration Notes

- Supports multiple output formats (SARIF, JSON, custom)
- Can run incrementally on changed files
- Integrates with IDE and CI/CD workflows
- Custom rules can be version controlled
- Results can be deduplicated and triaged
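The capabilities above (parse results, aggregate across tools, map to CWE, deduplicate, gate a pipeline) are the core of what a result-aggregation layer has to do. The following is an added example written for this page, not code from the babysitter repository or from Semgrep or Bandit. It reads a Semgrep-style SARIF 2.1.0 report and a Bandit-style JSON report, normalizes both into one record type, resolves the CWE from each tool's own representation (SARIF rule tags versus Bandit's integer `issue_cwe.id`), merges findings that two tools raised for the same file, line and CWE, and applies a severity gate. Both inputs are constructed samples trimmed to the fields the script reads; the rule id, file names and tag format are assumptions, as is the `warning` to `MEDIUM` level mapping.

```python
"""Normalize, aggregate and deduplicate SAST findings from several tools.
Both inputs are constructed samples shaped like Semgrep SARIF 2.1.0 and
Bandit JSON (-f json) output, trimmed to the fields read here; not real scans."""
import json
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed Semgrep-style SARIF. The CWE lives in the rule's properties.tags
# (assumed tag format "CWE-<id>: <name>").
SEMGREP_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "semgrep", "rules": [{
        "id": "python.lang.security.audit.subprocess-shell-true",
        "properties": {"tags": [
            "CWE-78: Improper Neutralization of Special Elements used in an OS Command",
            "OWASP-A03:2021 - Injection"]}}]}},
    "results": [{
        "ruleId": "python.lang.security.audit.subprocess-shell-true",
        "level": "warning",
        "message": {"text": "Found 'subprocess' function with 'shell=True'"},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "app/run.py"},
            "region": {"startLine": 12}}}]}]}]})

# Constructed Bandit-style JSON. B602 flags the same shell=True call Semgrep
# found above; B303 is a second, unrelated finding. Bandit gives the CWE as an int.
BANDIT_JSON = json.dumps({"results": [
    {"filename": "app/run.py", "line_number": 12, "test_id": "B602",
     "issue_severity": "HIGH", "issue_confidence": "HIGH",
     "issue_text": "subprocess call with shell=True identified",
     "issue_cwe": {"id": 78, "link": "https://cwe.mitre.org/data/definitions/78.html"}},
    {"filename": "app/crypto.py", "line_number": 4, "test_id": "B303",
     "issue_severity": "MEDIUM", "issue_confidence": "HIGH",
     "issue_text": "Use of insecure MD5 hash function.",
     "issue_cwe": {"id": 327, "link": "https://cwe.mitre.org/data/definitions/327.html"}}]})

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}
SARIF_LEVEL_TO_SEVERITY = {"note": "LOW", "warning": "MEDIUM", "error": "HIGH"}  # assumed mapping
CWE_TAG = re.compile(r"^CWE-(\d+)")


@dataclass
class Finding:
    """Tool-neutral record; `sources` lists every tool:rule that flagged it."""
    file: str
    line: int
    cwe: Optional[str]
    severity: str
    message: str
    sources: List[str] = field(default_factory=list)


def parse_sarif(text: str) -> List[Finding]:
    """Read SARIF results, resolving each result's CWE from its rule's tags."""
    out = []
    for run in json.loads(text).get("runs", []):
        driver = run["tool"]["driver"]
        tool = driver.get("name", "sarif")
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule_id = res.get("ruleId", "")
            tags = rules.get(rule_id, {}).get("properties", {}).get("tags", [])
            cwe = next((f"CWE-{m.group(1)}" for m in map(CWE_TAG.match, tags) if m), None)
            loc = res["locations"][0]["physicalLocation"]
            out.append(Finding(loc["artifactLocation"]["uri"], loc["region"]["startLine"], cwe,
                               SARIF_LEVEL_TO_SEVERITY.get(res.get("level"), "MEDIUM"),
                               res["message"]["text"], [f"{tool}:{rule_id}"]))
    return out


def parse_bandit(text: str) -> List[Finding]:
    """Read Bandit's JSON report into the same Finding shape."""
    out = []
    for r in json.loads(text).get("results", []):
        cwe_id = (r.get("issue_cwe") or {}).get("id")
        out.append(Finding(r["filename"], r["line_number"], f"CWE-{cwe_id}" if cwe_id else None,
                           r["issue_severity"].upper(), r["issue_text"], [f"bandit:{r['test_id']}"]))
    return out


def aggregate(findings: List[Finding]) -> List[Finding]:
    """Merge findings at the same (file, line, CWE): keep every source and the
    highest severity any tool assigned, then sort worst-first for triage."""
    merged = {}
    for f in findings:
        key = (f.file, f.line, f.cwe)
        if key not in merged:
            merged[key] = Finding(f.file, f.line, f.cwe, f.severity, f.message, list(f.sources))
            continue
        m = merged[key]
        m.sources.extend(s for s in f.sources if s not in m.sources)
        if SEVERITY_RANK[f.severity] > SEVERITY_RANK[m.severity]:
            m.severity = f.severity
    return sorted(merged.values(), key=lambda f: (-SEVERITY_RANK[f.severity], f.file, f.line))


def fails_gate(findings: List[Finding], threshold: str = "HIGH") -> bool:
    """CI gate: True when any finding is at or above the threshold severity."""
    return any(SEVERITY_RANK[f.severity] >= SEVERITY_RANK[threshold] for f in findings)


if __name__ == "__main__":
    merged = aggregate(parse_sarif(SEMGREP_SARIF) + parse_bandit(BANDIT_JSON))
    for f in merged:
        print(f"{f.severity:6} {f.cwe or '-':8} {f.file}:{f.line}  {f.message}  [{', '.join(f.sources)}]")
    print("gate:", "FAIL" if fails_gate(merged) else "PASS")
```

On the sample input the two reports collapse to two findings: the shell=True call at `app/run.py:12` is reported once with both `semgrep:...subprocess-shell-true` and `bandit:B602` as sources and takes Bandit's HIGH severity, and the MD5 use stays a separate MEDIUM record. Keying the deduplication on CWE rather than on rule id is what lets findings from different tools merge; the cost is that a tool that emits no CWE for a rule cannot be merged with anything, which is why the parsers keep `cwe` as an explicit `None` rather than guessing.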

Details

Author: a5c-ai
Repository: a5c-ai/babysitter
Created: 4 months ago
Last Updated: today
Language: JavaScript
License: MIT
